Monthly Archives

November 2020

Everything To Know About Managed Service Providers

MSP 101 – Managed Service Provider

By | IT Support, managed It services

Managed service providers are becoming more and more popular. Replacing or supplementing traditional IT teams with an MSP can improve the quality of a company’s IT infrastructure. Companies all over the world are taking advantage of all the benefits that come with working with an MSP.

Still, the concept of a managed service provider may be confusing to interested parties and could keep them from utilizing an MSP. Understanding the basics of what an MSP is will help businesses stay ahead of the curve.

 

What Is An MSP?

In order to better understand managed service providers, a bit of history of how they evolved could be useful. Managed service providers have a history dating back to the 1990s. During the early 90s, many IT companies only provided repair services to various technology pieces. That began to change as the 90s evolved and the industry rapidly evolved.

Internet speed was rapidly improving throughout the 90s until it reached a point where software applications could be deployed from a central location. This enabled the development of software that could manage and control a computer from a remote location. Innovative software solutions could be developed and deployed to a number of customers all at once.

The early 2000s marked the beginning of the managed service provider industry. IT consultancies began to create companies filled with computer engineers that could create comprehensive IT frameworks for other companies. By the 2010s this process had become much more robust to the point where an MSP could manage nearly all of another company’s IT software, strategy, and infrastructure. The rise of the cloud has only accelerated this trend.

MSPs have recently exploded in popularity with the rise of cloud services. The cloud allows services and software to run through the internet, instead of on your local computer network. This enables your business to access software, applications, and data anywhere in the world. The cloud has opened the door to various improvements in company productivity, but there are some potential drawbacks.

Managing this complex cloud environment can be extremely challenging. This is one of the key reasons why companies have turned to managed service providers. MSPs can manage the entire IT infrastructure of a company, including the cloud infrastructure. Many companies use an MSP to help take their company into the cloud environment. Managed service providers can also keep software applications up to date, database maintenance and setup, data analytics, cybersecurity, and more. Even with all of these services, some businesses are still hesitant to utilize a managed service provider.

If you could bring all of your IT infrastructure in house, why would you want to pay someone else to do it? Trusting and relying on another company to manage your IT infrastructure and data can be a scary proposition. Many companies want to do everything themselves, but the benefits of MSPs vastly outweigh the risks.

 

Why Do You Need An MSP?

Managed service providers create a ton of value for companies that they work with. If you have not switched to an MSP then you are likely falling behind your competitors. Here are a few reasons why you need a managed service provider.

 

Take Stress Out Of Your Life

Your expertise is likely not in the area of IT. A managed service provider will make your life much easier. Your business can call your MSP anytime to repair any issue that is affecting your business’s IT infrastructure. Your website and IT infrastructure will have significantly less downtime, so your employees will not have to wait around while repairs are made. Instead of worrying about managing an IT department, you can focus on the bigger picture. Your team will have extra time to focus on projects and keep your customers happy.

 

Cost Savings & Scalability

Many businesses believe that hiring an MSP may be out of their budget, but that is not the case. Managed service providers reduce the costs that businesses are responsible for. Companies will no longer have to worry about paying expensive IT employees or investing in IT infrastructure. MSPs will handle all of those costly endeavors. Additionally, as your business grows you will need to add additional IT infrastructure. A managed service provider can help you scale your business easily. Your business can easily increase server space and install additional applications to improve productivity.

Use Their Experts

Managed service providers are full of IT experts that can improve your IT infrastructure. Your team can use an MSP expert to work on a project that will improve your processes and productivity. Instead of having to hire an expensive consultant, you can work with your MSP to finish the project. This is extremely beneficial from an HR perspective as well. Your HR team does not have to manage additional employees and worry about key team members leaving the company. Your team can simply rely on your MSP experts to help out on any projects.

 

How BACS Can Help

Whether your company has 10 employees or 1,000 employees, BACS can create a customized solution that will meet your unique needs. Your business can take advantage of all the benefits that working with us comes with. From cost savings to less stress, your business will be able to focus on the core competencies that drive revenue.

 

BACS can answer any questions you may have about managed service providers and how we can benefit your organization. Reach out to BACS today to learn more about our services and offerings. Our team can develop a comprehensive, customized plan that will make your life easier and help your business grow.

 

 

 

 

 

 

 

 

 

 

 

 

Cloud computing - cloud manged IT services

Cloud Computing Frequently Asked Questions

By | Cloud

New technologies continue to move the business world forward. Simultaneously, they create a lot of confusion and apprehension among business people and owners who tend to get intimidated by new business concepts.

While cloud computing had been growing in popularity over the last few years, it’s still a reasonably new concept to most people. Perhaps, you have thought about transitioning your company’s software, and computing needs to a cloud environment. If so, it’s very likely that you would have questions about the transition process and how cloud computing works.

To help you move closer to making the right decision about your company’s data needs, it makes sense to offer you a few answers to some common questions about this concept. The following question/answer format should help provide you with the answers you seek.

 

Question:

What does the transition process encompass, and how long will it be before my data servicing is fully operational offsite?

Answer:

The transition process requires some level of participation by company employees. However, hiring an IT professional consultant with related experience could help remove a lot of the burden off of your employees’ shoulders. Your company’s employees could focus on their everyday responsibilities while the IT consultant concentrates on implementing a parallel system with the cloud-computing facility.

As for time requirements, experts claim the entire transition process will usually take 10 to 14 days, depending on business size, the amount of data involved, and the services required.

 

Question:

How will my company’s data access be affected should there be a complete loss of Internet connectivity?

Answer:

The answer to this question is complicated. If you maintain updated synchronized copies of your data in-house, your employees might be able to continue working off of your local server. If not, your company would face one of two possible scenarios.

First, you could be out of luck if your service provider was a single office environment. You would have to wait until they were able to restore access. Under the second scenario, your primary facility’s location might be one of many sites your provider maintains. If that’s the case, it’s doubtful that all of their facilities will experience the same issue simultaneously. If the provider supports substantial redundancy, you might be able to access your cloud-computing environment through an alternative location.

 

Question:

How will a slow Internet connection affect our company’s work productivity?

Answer:

Data connection issues are hit and miss. Some days, the connection speed is adequate, while other days, it might be unbearably slow. The most feasible solution for this type of problem is the simultaneous synchronizing of data between the cloud-computing facility’s data servers and your in-house data server.

Here is how that might work. Most operating systems, Microsoft’s Windows included, offer a feature that can facilitate this kind of synchronization process. Somebody can do work on either server, with the data updated on the opposite server within seconds. Suppose your company is experiencing a slow period of connectivity. In that case, your employees could easily switch to working from the in-house server, knowing the data input will hit the cloud-computing server in short order.

 

Question:

How secure are cloud environments? Will we need to sacrifice some of the protection we have in-House?

Answer:

Of course, your number one concern will focus on security and the protection of your data. You need to understand that there is nothing about your ability to protect data in-house that can’t be replicated in a cloud environment. Your cloud-computing provider probably has access to substantial financial resources they can use to create multiple layers of security.

Another issue worth considering is that your employees are likely to make errors that could compromise the security located around your in-house server. That might include downloading files with viruses or forgetting to use secure passwords. For a cloud-computing provider, their reputation often rests on their ability to keep the client’s data safe. It’s a good bet they have procedures in place to protect against potential errors.

 

Question:

How easy is it to reclaim data should our company go out of business?

Answer:

At the point of implementation, you should receive information about how to proceed in case of an emergency. The information should include detailed instructions on how to recover all of your data without assistance from the facility’s personnel. If you were to encounter any problems, you should also have access to the emergency contact information that would put you directly in touch with someone who could help you proceed.

Ensure you receive copies of the facility’s disaster recovery plans, corporate insurance policy information, specific information about backup procedures, the exact location of your secured data, and any software licensing information you might need.

The bottom line is your provider is your data partner. They should be there to help you under any circumstance, even if your company is going out of business. Never settle on a provider that is unwilling to offer total transparency.

 

Question:

Will there be any special hardware requirements placed on our company?

Answer:

There is lots of good news here. By committing to a cloud-computing solution, you would need to invest less money in your data infrastructure. At most, you would only need one server to use as a backup, plus the workstations and printers you would need for your employees. You would also benefit by not needing to purchase state-of-the-art components because the real thrust of your computing power would be residing with the cloud-computing facility. The money saved could be quite substantial, depending on the size of your company.

 

Question:

Is there adequate protection against disasters, viruses, and errors that could affect our data?

Answer:

Again, cloud computing providers rely on reputation. Through economies of scale, they can provide all clients with a protection level that each client would have trouble providing for themselves.

 

Question:

Will training be available for my employees?

Answer:

Yes, your employees would get ample training related to accessing data and monitoring backup procedures. The training would come in the form of face-to-face live training sessions or through online webinars. Nothing would be permitted to go live until you feel your employees are up to speed and ready to go.

 

Question:

Is this the best data solution for a company with limited financial resources?

Answer:

The short answer is an emphatic yes. Your company would likely experience substantial annual savings in a lot of areas.

 

First, this data option offers the benefit of workforce savings. You would likely need less emphasis on hiring an IT professional because the biggest hardware concerns would fall under the cloud-computing provider’s responsibilities. You would not be responsible for hardware installations, maintenance of updates, and software licensing.

Second, you could save a lot of money on software if you were to choose a generic software system that’s already available on the cloud’s servers. Custom software programs can get quite expensive.

Finally, you could save money in the form of higher productivity among your employees. Instead of worrying about IT issues, they can focus on doing the jobs for which they are getting paid.

 

cloud computing - it services - cloud services

Different Types of Cloud Solutions and How to Decide Which One is Best For You

By | Cloud

Businesses worldwide have started implementing the use of cloud solutions for handling the storage of their technology needs. These solutions allow for off-site servers and hardware that is easy to access via the internet. There’s no doubt that this off-site setup allows for reduced business expenses in housing physical infrastructure and paying staff to manage it.

Considering moving to a cloud solution? You’ve likely been overwhelmed with all the options out there. From public clouds to hybrid clouds, which one is best for you? The truth is that each cloud computing solution offers different benefits for different businesses. We’re going to define each type of solution and explain when it’s best used.

1. Public Clouds

The most popular solution offered is public. The providers of this solution provide infrastructure and services for a large group of customers. This type of solution works best for collaborative projects and software development. Due to the easy scalability and pay-as-you-go structure, public clouds are an excellent option for developers to create and test their applications before switching to a private option.

The major pitfalls of public clouds are that users are under the full control of the solution provider. The solution provider could decide to change its platform at any moment or even shut down its operations. This situation requires consistent monitoring and quick response times from your business regularly. Public networks are also susceptible to more security issues as users don’t have any control over the security measures implemented for the network.

Pros

  • A massive amount of space offers easy scalability
  • Pay as you go structure
  • Quickly managed through a self-service web portal

Cons

  • Under full control of solution provider
  • Must-follow terms and conditions of solution provider
  • Susceptible to significant platform changes and provider shut down at any time
  • Unpatched security issues

 

Recommended For: Public clouds are best for those businesses that are not looking for a high level of data security or for companies that are just starting and have minimal investment funds. Public clouds tend to be preferred by software developers who need the convenience of easily scaling up their space without the massive infrastructure investment at first. Many developers, once finished, will switch from public to private for a more secure application.

2. Private Clouds

Private cloud computing offers a more secure solution for businesses that want their data to be accessible only by authorized users of a single organization. The actual infrastructure can be positioned on-site or accessed via a colocation provider. Since private clouds are under the full control of an organization, there is no threat of sudden changes or shutdowns.

While private clouds can be an ideal option for businesses with strict data collection and storage regulations, they can be very costly. Unlike public clouds, where you can use the massive amount of available space to expand easily, private clouds require more infrastructure and software to expand, making scalability time-consuming and expensive for any organization, big or small.

Pros

  • Can only be accessed by one organization
  • Customizable security and system control
  • No-risk of sudden changes
  • Can be hosted on-site or accessed online

Cons

  • Must pay for software and infrastructure
  • Expensive scalability

Recommended For: Private clouds are highly sought-after by businesses who work in industries with highly-restricted data regulations. These include financial organizations, government agencies, healthcare providers, and schools.

3. Hybrid Clouds

As the name suggests, hybrid clouds are both private and public clouds where businesses can utilize public clouds for some aspects of their business and private clouds for others. The hybrid model allows for seamless interaction between both private and public platforms. There are typically two ways to utilize hybrid clouds.

The first is cloud bursting when private clouds are used as a primary solution to store data and house exclusive business applications in a secure environment. In the cloud bursting model, public clouds are used as a backup resource to ensure exclusive applications’ seamless operation when the user demand increases beyond the private solution’s limits. This solution helps to save the business money as they don’t have to buy more infrastructure and servers to handle high demand times.

The second hybrid model is based on using public clouds for outsourcing non-critical business applications. Those deemed non-critical are applications like basic productivity tools. However, most applications and data storage is housed in private clouds for more secure access. This multi-cloud architecture allows businesses to take advantage of private security for regulatory needs while still enjoying cheaper public computing for basic tasks.

Pros

  • Allows for a cost-effective solution
  • Ensures a business can always meet user demand

Cons

  • Can be more difficult to setup
  • Can make business data more susceptible to threat when user demand is high

 

Recommended For: Businesses who deal with frequent spikes in demand. Some well-known businesses that use this hybrid model include Airbnb, Uber, and Netflix.

 

4. Community Clouds

 

Community clouds are commonly shared among businesses within the same industry. They work essentially as private clouds but shared among a handful of companies. This model allows for a multi-tenant environment that reduces the high cost of infrastructure and software for private clouds. Each community solution is jointly managed by members of the various businesses that utilize it. Community clouds can be housed on-premises, such as in a shared industrial building or at a chosen data center.

 

Pros

  • Much cheaper than a single organization private solution
  • Allows for optimal data security at more affordable costs

Cons

  • Network security depends on effective management of infrastructure
  • Relies heavily on other solution partners staying in operation

 

Recommended For: Common users of community clouds include those in the financial services sector, healthcare organizations, and government agencies.

As you’ve discovered, you need to choose from these four cloud solutions. These include public, private, hybrid, and community clouds. Picking the right one for your business to use comes down to a few main factors.

  1. Price plays a significant role in your ability to choose the ideal solution for your business. You may not have the money in your budget to use any private solution if you’re just getting started.
  2. Security Requirements vary depending on your industry. Some government regulations may require your business to have a private solution for data storage.
  3. User Demand, for some businesses, fluctuates tremendously. Having the available infrastructure to handle high times of demand is a must to keep customers coming back.
  4. Industry Partners can be a great asset to save money on data storage and operation solutions. Those with many industry partners may opt for community clouds instead of footing the large private clouds bill.

Choosing a cloud solution requires diligence and understanding of your business’s various options and the many benefits that those options can provide. By analyzing the factors above, you should be fully capable of selecting the right type of solution for your business.

cybersecurity trends

TECH TALK: 7 Trends You May Have Missed About Cybersecurity

By | Data Protection, Security

At any given point in time, there are numerous trending topics in cybersecurity. Change is one aspect of technology that we can always depend on, and that’s a good thing. We’re able to do more in less time than ever before. Of course, advancements in technology goes together with the cybersecurity landscape. As someone who has a key role in IT, keeping up with changes in technology and cybersecurity should be a routine task. However, there trending topics that are just beginning to emerge that you may not yet be aware of.

Here are seven cybersecurity trends you may have overlooked:

1: Bring Your Own Device (BYOD)

2: Internet of Things (IoT) Devices

3: Fifth Generation (5G) Technology

4: Social Engineering

5: Bitcoin Ransomware

6: Smart Contracts

7: Insider Threat

New call-to-action

1: Bring Your own Device (BYOD)

 

BYOD programs that allow employees to use their personal devices to access business assets on the job have been accepted by IT programs for a while now. They can be a bit unwieldy in terms of control, but the benefits to production and costs are difficult to ignore. Unfortunately, the security concerns are increasing. The main concerns with allowing personal devices to access a corporate network is that IT personnel are usually not aware of their connection to the network, there is usually minimal security features, they are easily stolen or misplaced, it is difficult to control how employees use them (they can easily download apps).

History has proven that the concerns listed above are serious. In 2017, the cryptocurrency firm Bithumb experienced a data hack that was traced to an employee’s home PC. That data breach exposed the personal information of 30,000 of the Korean company’s customer base.

If your organization supports a BYOD program, you can mitigate your risk by first developing a policy that outlines the requirements for use in the organization. It is a good idea to add controls to your organization’s Wi-Fi. These are often easily accessible by anyone who knows the password. There should be an acknowledgement before a device can connect to the organization’s corporate network. This could consist of requiring employees to register any device they want to connect to the network and implement security safeguards such as multi-factor authentication. You might also consider implementing a Mobile Device Management System (MDM) that functions like a global positioning system (GPS). These toe a fine line to privacy infringement, but there are MDM systems available that are less invasive.

 

2: Internet of Things (IoT) Devices

 

Wikipedia defines Internet of Things (IoT) as a “network of physical objects—’things’—that are embedded with sensors, software, and other technologies for the purpose of connecting and exchanging data with other devices and systems over the Internet.” While IoT devices include many of the popular smart devices that individuals use on a regular basis (watches, fitness trackers, alarms, biometric scanners), there is a growing use of these by organizations. For example, the healthcare industry uses IoT-connected sensors to improve the services they provide to patients.

The main security concern for IoT devices is the amount of data that is shared among interacting devices. According to a report by KPMG, 84% of IoT adopters have experienced a security breach. The advisory and audit firm offers the following three best practices for securing IoT devices:

  • Asset management – know the devices that connect to the organization’s network and the path they travel once they are outside the organization’s network.
  • Device Security – In addition to granting only authorized users access to business data using IoT devices, make sure these devices are protected by antivirus and encryption software, are kept updated with the lasts security software, and are monitored for suspicious activity.
  • create a vulnerability management program – “identify and fix weaknesses with a device”

 

3: Fifth Generation (5G) Technology

 

The growing use of IoT is stressing our mobile capabilities. The good news is fifth-generation wireless technology has arrived! Just as with its predecessors, this advancement in mobile communication offers faster download speeds, decreased latency, and more network capacity. The transition to 5G is just beginning and is predicted to reach full evolution by 2022.

Many of the cybersecurity risks associated with 5G networking will be addressed through the network’s builders. However, there are more responsibilities of IT departments. The increase in bandwidth that 5G provides also increases network monitoring tasks for IT departments. With data traveling much faster on the network, new strategies for monitoring the traffic will be necessary. 5G also transitions from a network that is based on hardware switching to one that relies on software digital routing. IT departments that are unable to keep up with the 5G advancements can expect an increased threat of distributed denial-of-service (DDoS), man-in-the-middle (MiTM), and botnet attacks.

 

4: Social Engineering

 

According to Verizon’s 2019 Data Breach Investigations Report, social engineering threat actions in data breaches have increased significantly more than any other type of threat in the past seven years. In the past, phishing (pretending to be someone else to persuade an individual to disclose their personal information) has been the most used form of social engineering.

The social engineering threats that are trending now include the following:

  • Smishing – Phishing via phone calls or text messages
  • SIM Swap – Fraudulently switching another individual’s mobile account information to gain access to bank and credit card accounts
  • Harpooning – Phishing by impersonating executives and using information from social sites
  • Pharming – Fraudulently installing malicious code on a PC or server. The code redirects any click to another fraudulent website without the user’s consent.
  • Deepfakes – Editing (using advanced AI technology) a legitimate video or voice clip for the purpose of acquiring personal information.
  • Vishing – impersonation via phone calls or voice message

Hopefully, your organization has already implemented email safeguards to detect and block suspected phishing communications.

Social engineering involves human interaction. The best safeguards are educating employees about the different types of social engineering tactics and how they should be cautious before responding to any type of communication, even if it appears to be from someone reputable. If possible, employees should use an alternate method to verify suspicious communications.

 

5: Bitcoin Ransomware

 

Using malevolent software for the purpose of blocking access to another’s system and requiring payment to unblock it is referred to as ransomware malware, or ransomware for short. This type of attack is often carried out by someone clicking a bad link that installs the ransomware on the system. The sophistication of the ransomware can vary. The most advanced types use encryption to prevent access to systems or files and require a decryption key. The latest form of requested payment for ransomware attacks is bitcoin because it is a digital currency that is quickly exchanged.

Ransomware is a serious problem. This was highlighted with the 2017 WannaCry ransomware attack that involved computer systems all over the world that had not applied a Microsoft software patch. Unfortunately, the trend is continuing. The most significant ransomware attacks as of June 2020 cost the victims more than $100 million to recover from the incidents.

Network and security monitoring software maker NetFort recommends the following five tasks to protect and recover from ransomware attacks:

  • Back up your data regularly
  • Make sure all systems that connect to the network have the most recent security updates
  • Implement anti-intrusion detection systems
  • Monitor network traffic for unusual activity
  • If a system is infected with ransomware, disconnect it from the network immediately and rebuild it

 

6: Smart Contracts

 

Blockchain, the technology that powers bitcoin, is being used in a variety of methods of exchange. Smart contracts are one of those. A smart contract is a daisy chain of encoded actions that are saved within a blockchain and digitally self-executing without the assistance of a third party such as a bank or attorney. Smart contracts are gaining popularity because of their transparency, speed, permanency, and non-editable characteristic. Although smart contracts are inherently secure (the data they contain are encoded), they are comprised of program code that is susceptible to vulnerabilities. The main security concerns with smart contracts are access control and undiscovered bugs in their programming code. One of the most newsworthy incidents occurred in 2017 when the code of a multi-signature wallet was exploited by a user by accident. The incident caused users of the wallet to lose more than $280 million because they were unable to withdraw funds from the digital wallet.

The best way to mitigate your risk with smart contracts is to:

  • Make sure the smart contract is 100% encoded (every record from start to finish). Access via private key should only be distributed to specific users.
  • Don’t lose your private key! Even better, your organization should consider engaging in smart contracts that use multi-access so that there is more than one point of failure.
  • Ensure the underlying code is bug free. This means to test, test, and test some more to make sure there are no vulnerabilities that malicious actors could take advantage of.

 

7: Insider Threat

 

An unfortunate trend that is increasing is that people who have or previously had legitimate access to an organization’s data may intentionally or unintentionally cause destructive actions. Insider threat occurs through multiple methods. An example of the significant damage an insider can cause is the ex-Cisco employee who caused $1.4 million in damages. The criminal left the company in 2018 and shortly thereafter installed malicious code from his old Google Cloud Platform account and subsequently deleted the nearly 500 virtual machines hosted by Cisco WebEx applications. Within two weeks, 16,000 WebEx accounts were deleted. In this case, the ex-employee somehow managed to maintain his access to Cisco’s cloud infrastructure after he left. It is not known how.

The Insider Threat Mitigation Guide  published by the Cybersecurity and Infrastructure Security Agency provides the following tips for establishing an effective inside threat mitigation program:

  • Identify and focus on those critical assets, data, and services that the organization defines as valuable
  • Monitor behavior to detect and identify trusted insiders who breach the organization’s trust
  • Assess threats to determine the individual level of risk of identified persons of concern
  • Manage the entire range of insider threats, including implementing strategies focused on the person of concern, potential victims, and/or parts of the organization vulnerable to or target by an insider threat
  • Engage individual insiders who are potentially on the path to a hostile, negligent, or damaging act to deter, detect, and mitigate

 

Conclusion

 

Is your IT department equipped to address the emerging cybersecurity threats? If you’re unsure, now is the time to determine your level of vulnerability and implement the necessary safeguards to ensure your organization’s assets are fully protected.

If you require assistance with assessing your needs and implementing the “right” IT security solutions for your organization, BACS can help. We are an experienced team of IT service professionals that work closely with clients to assess, develop, and implement security solutions that offer an ideal level of protection.