Five Tips for #CyberMonday

With #CyberMonday here, be careful – translation, very careful – about your online activities today. For those of you who plan to make purchases either at lunch, break time, or at the end of the work day until midnight sales end, here are five tips to stay safe on the largest online activity day of the year.

[1] Make sure your desktop computer, laptop, smartphone, or mobile device has some form of anti-virus protection.

[2] If you enter your credit card or other personal information online, make sure that the website address in the browser starts with HTTPS and not just HTTP, because HTTPS encrypts the information you enter (credit card details, etc.).

[3] Do your research before you buy. Check out reputable sites such as to make sure you’re paying a legitimate price for your item. Also, don’t make any purchases from a site that doesn’t have a privacy policy – there should be an explanation as to how the site uses your personal information.

[4] Once you make a purchase, you may notice an influx of emails in your inbox. Since it’s the holiday season, be careful when you click on what looks like an email confirmation for your purchase. It’s possible that a spam email could contain a virus once you click “open.”

[5] Some sites request a password. Use a different password than what you use for your email addresses and social sites. And remember, you can choose to use an eCommerce site as a “guest” and not store any credit card information.

Lastly, remember to always log off from a site once you complete your transaction.

Happy #CyberMonday – shop smart and stay safe!


Image Credit: Debbie Laskey via


Does Your Mobile Strategy Include Mobile Capture Technology?

Thanks to evolving technology, it seems as if some form of new technology is introduced every week. One new technology is referred to as mobile captures. No, this doesn’t mean taking a photo of something from your smartphone or mobile device. Also referred to as a mobile imaging solution, a mobile capture is software specifically loaded onto your smartphone or mobile device that allows you to use your camera to take a photo of a document to perform a variety of tasks. These tasks facilitate commercial transactions, such as depositing a check, paying a bill, enrolling in a new service, obtaining a quote, and much, much more.

Mobile capture capability turns smartphones into information capture devices with more dynamic apps that meet customers where they are, when they want to be engaged, and on their preferred channel.

“Mobile technology is at the epicenter of this disruption,” according to Michael Reh of Bangalore-based Infosys Finacle, “transferring as it does, more power to end-users. The next generation of banking customers has high expectations from banking, spilling over from their experience with digitally progressed verticals, such as, retailing or telecom. They will take their business to the providers that fulfill their expectations of what banking should be: seamless, convenient, personalized, and needless to say, completely digital. Increasingly, those providers will be niche players with mobile and mobile-only offerings – think payments, P2P (Peer-to-Peer computing or networking) and small business loans, and even deposits – that will disintermediate and disengage traditional banks from their customers.”

Check out these stats courtesy of MitekSystems:

*By 2016, mobile banking will grow by 300 percent – fueling that growth will be mobile deposit and mobile photo bill pay.

*By 2016, the number of customers depositing checks with their smartphones will expand from 12 million to 48 million.

*By 2016, the number of customers paying bills with smartphones will grow from 14 million to 57 million.

*Nearly 1 in 5 is expected to use smartphone deposit checks by 2016 – up from 1 in 20 in 2012.

And these stats about Millennials:

*83 percent of millennials think mobile capture will be part of all mobile transactions in the next five years.

*68 percent of millennials got their first exposure to mobile capture with Mobile Deposit.

*Millennials want more mobile capture across industries: retail, insurance, credit cards, healthcare, and education.

According to Kevin Craine of Craine Communications Group, “58 percent of American adults use a smartphone, over 40 percent own a tablet, and mobile computing grew by over 80 percent just last year alone.” These incredible statistics show how critical it is for companies to embrace mobile capture, the ability to capture document images and upload them on the fly.

If you are wondering why, the answer is simple. Mobile capture is quickly becoming an important differentiator, especially for companies in the traditionally document-intensive industries including banking, law, accounting, insurance, healthcare, and government operations.

Consider the amount of paperwork involved in the loan process for a piece of property or the amount of paperwork when purchasing or leasing a new automobile. What happens if you leave the bank only to receive a phone call that you need one remaining piece of documentation? That’s where your smartphone comes in handy. Simply take a photo of the document, click on a link in an email, and upload the image. The result is better service and the elimination of a delay in the process.

Ask before you offer mobile captures. The first thing is, if there are compliance rules you are required to follow, that alone can determine if you are able to offer this capability. Will mobile capture capability deliver business value? Do you have a repository in place to store images coming in, and how will your business manage them once they arrive? What about image quality control? In terms of ROI, how much efficiency will be improved as a result of adding mobile capture capability to your business?

Lastly and most importantly, what kind of security measures will be in place? If an employee in the field with mobile capture capability loses his or her smartphone, what procedures are in place to secure the data? How about accessing that data? You must make certain to implement the same encryption, password protection, and other data security measures that you provide to all other internal processes.

With so much important information loaded onto smartphones, take the time to protect the info on your device. Here are three easy tips:

[1] APPLY A SCREEN LOCK: With so much personal information stored on our mobile devices, it is unwise to leave them open for anyone to access. Unfortunately, only half of smartphone owners use a lock code. A simple password, pattern, or fingerprint lock creates a barrier to anyone who tries to access your data.

[2] PRACTICE SAFE WEB SURFING/DOWNLOADING: Just like your computer, your mobile device is susceptible to malware. The process of keeping a clean phone requires many of the same habits as keeping a clean computer: avoid unsafe websites, do not open email attachments or links from unknown senders, and stay away from apps from unknown publishers and alternative app stores.

[3] ACTIVATE REMOTE WIPE CAPABILITIES: If someone does steal your smartphone, remote wipe programs can make it impossible for them to access your information even if they know or guess your password. As a business, you should keep administrative control over employee smartphones that have this capability so that network access can be shut off immediately if a smartphone is lost or stolen.

Image Credit: Stuart Miles via

Inspiration for this post: “Are You Ready for Mobile Capture?”

This post was brought to you by IBM for MSPs. Dedicated to providing valuable insight from industry thought leaders, PivotPoint offers expertise to help you develop, differentiate, and scale your business.


Don’t Forget Security When Considering a Merger or Acquisition

In today’s competitive era, businesses all want to stand apart from the competition. Some businesses may provide a truly unique product or service, some may have a celebrity endorsement, and some may sport a memorable name. But as businesses become more successful, another option for further growth is in the arena of mergers and acquisitions.

According to Wikipedia, “Mergers and acquisitions (M&A) are both aspects of strategic management, corporate finance and management dealing with the buying, selling, dividing and combining of different companies and similar entities that can help an enterprise grow rapidly in its sector or location of origin, or a new field or new location, without creating a subsidiary, other child entity or using a joint venture. M&A can be defined as a type of restructuring in that they result in some entity reorganization with the aim to provide growth or positive value…From a legal point of view, a merger is a legal consolidation of two companies into one entity, whereas an acquisition occurs when one company takes over another and completely establishes itself as the new owner.”

While legal and accounting experts are part of all M&A deals, the expert that should always be part of the discussion and due diligence is the CISO (Chief Information Security Officer), or if a business does not have a designated security professional, that hole should be filled by someone with expertise in the information security arena.

During the due diligence process prior to a merger or acquisition, make sure that the business places a value on data security, information security, and data protection. Asking these questions may change your mind about moving forward with the merger or acquisition:
[1] Who is responsible for security?
[2] What protocols are in place to protect customer data?
[3] Have any data breaches happened?
[4] What were the protocols and timeframes for alerting customers, other stakeholders, and the media?
[5] What were the changes that were made following any data breaches? What were the lessons learned?
[6] If a breach were to happen during the due diligence phase, who will have financial responsibility?
[7] Are your computer systems compatible? If not, how soon can they be made compatible or identical? When two systems are joined together and are dissimilar, the potential for a breach is more likely due to the vulnerabilities created when two incompatible systems merge.

According to Scott Koller, lawyer at BakerHostetler, “The problem is that cybersecurity is not taken as seriously as it should be, or there is an under-appreciation of the risk. I think it is now on people’s radar, whereas before it may have been an afterthought.”

Unfortunately, according to Koller, too many people have a “check-box” mentality when it comes to information security. Does a business have a firewall? Check. Does a business use anti-virus protection? Check. Does a business back-up regularly? Check. Are there duplicate back-ups? Check. Then, however, the due diligence process moves on to another topic, instead of delving deeper into the information security areas of protection.

According to Ron Arden, vice president and CMO at Fasoo, “An acquirer needs to understand the assets and liabilities it is acquiring, and look at adequate security as a business risk, just as leases, debt, and potential litigation are liabilities.”

So the next time you’re in the merger/acquisition market, be sure to include a thorough review of the information security risk before signing on the dotted line.

Image Credit: Stuart Miles via

For more tips on this topic:

This post was brought to you by IBM for MSPs. Dedicated to providing valuable insight from industry thought leaders, PivotPoint offers expertise to help you develop, differentiate, and scale your business.


Does Your Business Offer Mobile Payments?

There are many ways that your business can stand out. Your brand can have a unique name, think Google, Zappos, or Amazon. You can create a new way to provide your product and inject innovation into a stagnant industry, think Starbucks for the coffee industry or Saturn for the automobile industry (although it was short-lived, it was still a trailblazer). Or, you can stay ahead of the curve when it comes to technology. One example is with mobile payments. Instead of paying with cash, check, or credit cards, a consumer can use a mobile phone to pay for a wide range of services.

With the abundance of smartphones, it seems a natural progression for people to use smartphones to make payments. However, only a small percentage of smartphone users (early adopters) are doing this now. But once there is a clear technology winner among the competing companies (Apple Pay, Android Pay, and Samsung Pay) and better quality security measures are put into place, more people will use the technology. Today we stand at a crossroads similar to the VHS vs. Betamax battle from several decades ago.

Not all companies use all of these technologies to allow customers to make payments yet. So where you may purchase a latte at Starbucks with Apple Pay, you may not be able to do the same at Best Buy. If the theory behind these devices is to be able to help you track your spending on the fly, it will be hard to do that if you cannot use your device everywhere you shop.

Starbucks allows customers to pay with their smartphones at check-out with the use of an optical scanner. The scanner reads a user’s smartphone screen and deducts money from a Starbucks card or the Starbucks app.

Some companies, such as Dunkin’ Donuts, have joined the mobile payment party through the use of their own app. This particular app stores money on a Dunkin’ Donuts card that is connected to a customer’s smartphone. Users authorize their payment via the phone and scan the smartphone screen over an optical laser reader at checkout. These apps keep your data outside of your “wallet” and put it generically into the cloud instead of storing it on your device – which brings up another set of security issues.

These advances have yet to reach critical mass. Questions that still need to be answered are: What if one’s smartphone is compromised due to a malware attack? The device is still in the person’s possession but one or all of his or her credit cards are compromised and his or her bank accounts have been compromised as well. How do we handle what should now be considered an issue of non-repudiation since the device was in the user’s possession at all times? That person could have very easily conducted the fraud on themselves. Now, these cool capabilities don’t sound so impressive. In fact, instead, there are some serious consequences.

According to a recent survey by Experian, sponsored by the Ponemon Institute, technology and risk management executives believe that mobile-related payments technology will increase the risk of a data breach at a time when the retail and banking industries are still recovering from major retail breaches over the past two years and are currently preparing for the EMV liability shift in the U.S. (EMV stands for Europay, MasterCard, and Visa, the three companies which originally created the standard for smart payment credit cards; now managed by EMVCo, a consortium with control split equally among Visa, MasterCard, JCB, American Express, China UnionPay, and Discover.)

Experian and Ponemon surveyed nearly 25,000 technology and information security, risk management, product development, and other professionals involved in the payments systems within their organizations. The survey results were part of a report called “Data Security in the Evolving Payments Ecosystem,” and final results were based on 748 completed questionnaires.

Survey respondents reported that the most likely mobile innovations to increase the risk of a data breach are mobile payments in stores (59 percent), e-wallets for retailers (58 percent), mobile payments on devices and apps (57 percent), and mobile payments on NFC (54 percent). (NFC stands for near field communication and is the set of protocols that enable electronic devices to establish radio communication with each other by touching the devices together or bringing them into proximity.)

According to Michael Bruemmer, Vice President of Experian Data Breach Resolution, “There are opposing spheres in this argument [of innovation and security]. There are the people that want to expand and use technological innovation and take advantage of that in the implementation, but then you have the clashing interest with the security folks who are saying, ‘Wait, new tech is great, but it’s only as great as the security you build in.’”

In the midsize market, it will be important to analyze the pros and cons of instituting a mobile payment option. Therefore, ask these questions first:
* Who are your customers?
* What are the best methods to reach your customers?
* Based on the demographics of your existing and potential customer base, are they tech-savvy enough to be comfortable using mobile payments?
* What security protocols will be implemented to protect customer data?
* What will the action plan be if a data breach happens?

In the words of American businessman Nicholas Negroponte, “Computing is not about computers anymore. It’s about living.” So, to modify a line from the famous Capital One Credit Card ads, “What’s in your smartphone wallet?”


To read more on this subject, check out “Mobile Payments: Innovative, But with Security Concerns”

Image Credit: Mapichai via

This post was brought to you by IBM for MSPs. Dedicated to providing valuable insight from industry thought leaders, PivotPoint offers expertise to help you develop, differentiate, and scale your business.


Does Your Business Think Like A Tech Company?

How often does your business stand out from the competition? Is your business an industry leader or just one among dozens or even hundreds in your industry? Does your leadership team dream of being the Google, Microsoft, Apple, or Amazon of your industry? I read a recent post about the banking industry that offered an interesting perspective. Perhaps, there’s an easy way to accomplish this: Think like a tech company.

“Technology companies are forcing the evolution of the banking industry, compelling traditional financial institutions to emulate [tech firms’] attributes.” Ashley Veasey, Barclays Africa Group CIO, explained, “Banks need to start thinking and working like technology companies, and use innovative thinking and big data to better understand their customers.”

As YOUR business grows, how much time, budget, and strategic planning are applied toward your customer data, or in the lingo of tech companies, big data? Wikipedia defines big data as “Data sets so large or complex that traditional data processing applications are inadequate. Challenges include analysis, capture, data curation, search, sharing, storage, transfer, visualization, and information privacy. The term often refers simply to the use of predictive analytics or other certain advanced methods to extract value from data, and seldom to a particular size of data set. Accuracy in big data may lead to more confident decision-making. And better decisions can mean greater operational efficiency, cost reduction, and reduced risk.”

Here are some statistics that may convince you to understand your data, according to Forbes columnist Bernard Marr:

[1] This year, over 1.4 billion smartphones will be shipped – all packed with sensors capable of collecting all kinds of data, not to mention the data that users created themselves.

[2] By 2020, there will be over 50 billion smart connected devices in the world, all developed to collect, analyze, and share data.

[3] By 2020, at least 33 percent of all data will pass through the cloud (a network of servers connected over the Internet).

[4] For a typical Fortune 1000 company, just a 10 percent increase in data accessibility will result in more than $65 million additional net income.

[5] At the moment, less than 0.5 percent of all data is ever analyzed and used.

How much strategic planning is applied toward the process of innovative thinking to better understand your customers? According to Wikipedia, “Innovation can be viewed as the application of better solutions that meet new requirements, inarticulated needs, or existing market needs. This is accomplished through more effective products, processes, services, technologies.”

If your business strives to stay ahead of the competition – no matter the industry – you should start thinking like a tech company. With all the screens available to customers, i.e., desktops, laptops, and smartphones, and all the communication vehicles available for outreach, i.e., email and texts, no one is ever truly unplugged. This means that your business should consider all the ways that customers can connect and engage with your business.

As these connections happen, does your business capture customer data in a secure manner? How many systems are in place to safeguard the data? What happens if a data breach happens? What are the procedures to alert customers and the media?

So let’s return to the banking industry. To quote Alistair Peterson, Frost & Sullivan Africa Director of Growth Implementation Solutions, “Traditional banks cannot survive without becoming agile in their ability to develop customer experiences that surprise and delight through the use of various technologies. It is called the omni-channel experience, and traditional banks need to be at the vanguard of these new technologies.”

Your business doesn’t have to think like a bank, but I strongly recommend that you consider technology industry attributes. Your business longevity could be at stake.


Inspiration for this post:
“Banks Must Think Like Tech Companies”

“Big Data: 20 Mind-Boggling Facts Everyone Must Read”

Image Credit: Stuart Miles via

This post was brought to you by IBM for MSPs. Dedicated to providing valuable insight from industry thought leaders, PivotPoint offers expertise to help you develop, differentiate, and scale your business.


How to Make Sure Your Brand Is Not #1 When It Comes to Cybersecurity Breaches

According to a recent post in NetworkWorld by Maria Korolov, the Massachusetts Institute of Technology (MIT) scored at the bottom in a cybersecurity survey of 485 large colleges and universities. For a prestigious university known internationally for producing talented individuals in the fields of technology, mathematics, statistics, and science taught by intelligent and knowledgeable professors, how did such a negative score happen?

SecurityScorecard, a security risk benchmarking platform, analyzed the educational institutions based on web application security, network security, endpoint security, IP reputation, patching, and other security indicators.

SecurityScorecard’s Chief Research Officer Alex Heid explained, “When we dug in, we found that there are a lot of exposed passwords, old legacy systems, and a bunch of administrative subdomains that seem to have been forgotten about. It’s common at colleges for students and faculty to move on and forget to shut down old projects.”

This report serves as a lesson to all industries and all sizes of businesses. First, no matter what INDUSTRY you’re in, you’re vulnerable. Don’t assume that you’re immune because you aren’t a financial institution, government entity, health organization, retail outlet, or educational institution. Second, no matter what SIZE your business is, you’re vulnerable. Hackers can be, and are, everywhere. A mom-and-pop or family-run business is just as vulnerable as a publicly-traded Fortune 500 business – and just as vulnerable as all sizes in between.

But the most important lesson to learn from this report is that small and relatively obscure brands are just as vulnerable as the big and well-known brands. We learned this when the breaches occurred with Target, Anthem, United Airlines, UCLA Health System, and Mandarin Oriental hotels. Many experts thought these big businesses were immune. They were wrong.

Naturally, as all marketing experts say, you want your brand to be an industry leader. But in this instance, don’t let your brand be an industry leader when it comes to cybersecurity breaches. Instead, spend the time to implement these five recommendations:

The older a piece of software becomes, the greater the chance that hackers will discover vulnerabilities. Patch management helps alleviate this issue because as vulnerabilities are found, they are patched by the developer. An internal threat can still bring a payload in-house through USB, DVD, or other bootable media that can attack a particular vulnerability, but a patched vulnerability gives a hacker one less attack surface to try in his/her attempt to gain a foothold.

Unfortunately, the biggest risk to security is us. Human beings have a tendency to be sloppy with security protocols. As security personnel, we are taught that the best passwords consist of lower and uppercase letters, numbers, and special characters. Yet, people will always stick with the simplest things so that they can remember them.

Make sure that you’ve trained employees about what to look for when opening email messages. Since many breaches happen as a result of opening email messages and attachments that should never have been opened, instruct employees to instantly delete emails that come from people they don’t recognize, as well as emails with attachments they weren’t expecting, whether from employees or from people outside the company.

Implement a disaster recovery plan so that all employees know who will access corporate data, and which data, in the event of a disaster; how long that data may be inaccessible, if it is accessible at all; and the procedures to recover data after the disaster.

Accept the fact that a breach may happen. But, if you back up your data on a regularly-set schedule depending on the value of your data and how often it is changed or updated, the re-creation of your data will not be one of your business’ headaches.

Since consumers can learn about breaches as soon as they happen, businesses should take responsibility and inform the public as soon as possible. The Privacy Rights Clearinghouse features a Chronology of Data Breaches and is updated daily. Here’s the link:

In case you’re wondering, the highest scoring university may surprise you: Merced Community College in Merced, California.

Image Credit: Stuart Miles via

This post was brought to you by IBM for MSPs. Dedicated to providing valuable insight from industry thought leaders, PivotPoint offers expertise to help you develop, differentiate, and scale your business.


Does Your Business Have a Cloud Computing Usage Policy?

Many businesses have a Bring Your Own Device (BYOD) to Work policy, a risk management policy, and some businesses are even tech-savvy enough to have a social media policy. Some businesses go one step further and introduce and review all these policies during the onboarding process for new employees. But while many businesses expect employees to collaborate on work either while in the same office or remotely, they are placing their data at risk if they don’t have a cloud computing usage policy.

In simple terms, cloud computing is the process of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than using a local server or a personal computer.

According to Wikinvest, “Cloud computing allows consumers and businesses to use applications without installation and access their personal files at any computer with Internet access. This technology allows for much more efficient computing by centralizing data storage, processing, and bandwidth. A simple example of cloud computing is Yahoo email, Gmail, or Hotmail. All [the user needs] is an Internet connection [to] start sending emails. The server and email management software is all on the cloud (Internet) and is totally managed by the cloud service provider Yahoo, Google, etc. The consumer gets to use the software alone and enjoy the benefits. The analogy is, ‘If you need milk, would you buy a cow?’”

What should you consider as you create a cloud computing usage policy? Here are five key items:

Which members of your team should access the documents stored in the cloud? If you grant universal access to the stored documents, you may be giving away keys to your data. Think about your data as if it were in a vault. How much you spend on the vault is determined by how much your data is worth. There are different levels of need for access – for example, some Vice Presidents may have greater need than IT managers, or vice-versa. You are not obligated to provide the same level of access to all employees. It’s called “least privilege.”

How often do your employees add documents to the cloud? If your team uploads data on a daily or weekly basis, then the cloud may be an important way for your team to interact and work. But if your team only accesses the cloud once a month, you need to reconsider the cloud as an efficiency tool. Is it really worth the cost?

Have you decided on the parameters of using the cloud? For example, there may be specific types of documents that should reside in the cloud rather than others. Do employees store Word documents, Excel spreadsheets, pie charts, PowerPoint presentations, photos, etc.? For your employees to understand the benefits of using the cloud and to be proactive in protecting your business’ confidential data, they need training. Maybe you use a hybrid system where your confidential documents, such as intellectual property, are kept in-house and your other documents are kept in the cloud. Unfortunately, there are too many businesses that allow their employees to store whatever they wish in the corporate cloud. This can become a sticky legal issue if it is found that the employee is using it to store illegal information, other companies’ intellectual property, or any type of data that can place your company in a position to be sued. Establish rules that must be followed and let the employee know that any deviation from the acceptable use policy will be grounds for termination. Be sure to have your attorney approve the document and make sure all employees read it and sign it. A part of an employee’s training is to educate him or her on the use of public cloud sites. Train employees to understand that uploading corporate data into their public cloud site is unacceptable. And finally, you must establish a password policy that everyone must follow: at least 10 characters comprised of uppercase, lowercase, numbers, and special characters – or use biometrics. Run this policy through Active Directory so it is enforceable. Don’t leave it up to individual users.

How necessary is it to keep your documents in the cloud and do they remain there indefinitely? If it is a team project and the project is finished, does it really need to remain in the cloud? There should be a defined lifespan for the data to reside in the cloud. Maybe confidential docs should only reside there as long as they are being worked on – and non-confidential docs can remain indefinitely. But the one thing to remember is that the cloud is never permanent. Very few providers will last for years – or the fees that your company will be charged will become exorbitant. Think about a guest in your home: that person stays for a limited amount of time (hopefully) and then leaves. The same rule should apply with the cloud – store your documents there, work on them, and then do what your cloud policy says to do.

Did you know that most cloud-based companies do not back up your data? They will do it for themselves, but if you want to retrieve your data, especially from a long time ago, you may be out of luck. You may be able to retrieve it, but it will cost you a lot of money. If you need to recover deleted data, such as purged email from a long time ago, you might find your SaaS or PaaS providers, like Google Apps, Microsoft Office 365, Amazon Web Services, etc., unable or unwilling to help. Recently, a new use for “the cloud” has come about. It is called cloud-to-cloud backup and recovery. It is automatic and saves all of your data from whatever PaaS or SaaS you are using. My mantra of “It is not if you lose your data, but when” has unfortunately rung true many times for many people. Using cloud-to-cloud backup and recovery might just make that saying obsolete. That is, of course, if it is set up and managed correctly.

Remember, clouds can burst, and you don’t want your data raining down somewhere it doesn’t belong.

Image Credit: Stuart Miles via

This post was brought to you by IBM for MSPs. Dedicated to providing valuable insight from industry thought leaders, PivotPoint offers expertise to help you develop, differentiate, and scale your business.


Don’t Forget Security When Developing Corporate Mobile Apps – Time for Another Look


About a year ago, I wrote a post about the importance of security when developing mobile device apps. As part of the post, I also discussed the importance of security when evaluating the “bring your own device” to work (BYOD) phenomenon and the growth of the Internet of Things (IoT). Today, a year later, it’s time for another look.

If you’re creating an app, are you using tools provided by a managed service provider (MSP) allowing multiple people in multiple places to work on it? Does the MSP charge by the seat for the tools to be used, or is it a group license? Today, businesses try to offer apps on both the Android and iOS platforms, so you need to make sure that tools for both platforms are available. Most importantly, before launch, test your app over a wide range of devices and employ as many testers as possible.

Now, how many businesses have apps specifically designed for their industry? Recent developments, especially in the healthcare sector, require customized apps to better serve the needs of their stakeholders, in their case, patients and medical care professionals. In addition, healthcare organizations are also finding that off-the-shelf apps don’t always meet their needs. A side benefit to creating a customized app is that a business can release it in the general marketplace and create another revenue stream.

As the BYOD phenomenon further evolves, businesses are finding that apps may not exist that work both for their organization’s devices and their employees’ devices. This propels businesses to develop apps to perform on a myriad of devices.

Of course, this leads us to the elephant in the room: users’ privacy concerns. What information does your app require in order to download it? In an industry with compliance issues, one must be sure that the requirements for regulatory environments are met.

If you’re putting your app into the open market, how is cost determined? Is user information more carefully guarded if the app has a cost associated with it (data saved to the cloud), or is some usability deactivated if the app is offered for free? For example, consider apps that track your health and well-being: does the paid version use your data to offer real-time health status, while the free version provides only limited use?

If your business has created an app, how do you measure its success? By the number of downloads? By the number of reviews? By the number of in-app purchases? Or by some other metric? Whatever the metric, don’t ever forget that you have an obligation to your users to protect their confidential information – regardless of whether they paid for the app or got it for free.

Lastly, consider this scenario. What if your app is hacked? What measures are in place to protect your users’ information? Do you have a protocol in place to notify users of the breach? Do you have a procedure in place that will take the app down and rebuild it? Don’t enter the app market if these questions aren’t answered first.

Image Credit: KROMKRATHOG via

This post was brought to you by IBM for MSPs. Dedicated to providing valuable insight from industry thought leaders, PivotPoint offers expertise to help you develop, differentiate, and scale your business.


The Managed Service Provider (MSP) Quandary: They’re Only as Good as You Allow Them to Be

When I hear of managed service providers (MSPs), I think of services in a compartmentalized box or a box of Legos. While that may be a simplistic view of what an MSP is, it actually fits because that’s how companies tend to use them. They take parts that they want from a box and leave others that they don’t want. And as an end-user chooses a product or service from the box, the pieces are attached together to form an organization’s total service solution. This process is used whether it is a small company or a Fortune 500 company.

After an organization’s needs have been met, and after the service level agreements (SLAs) have been signed by the appropriate departments within an organization, then the work begins. But, the relationship can become problematic even when the relationship begins under the best of circumstances. A business relationship can spiral out of control very quickly because the organization may not believe that the MSP is doing its job correctly, or even worse, the organization blocks the MSP from doing its job.

There’s an old saying in the tech industry: “Working with computers would be great if it weren’t for the clients.”

When a business is paying for services, you would think that it would listen to its hired service provider, but that is not always the case. This is sometimes the case for services that cost above and beyond the price of the MSP. For example, through monitoring, it is determined that more cloud storage is needed, or a system critical server is about to fail. The organization says, “We don’t need that right now.” Translation: “We don’t want to pay for that right now.”

So the MSP team has issued the warning and laid out the evidence to support its findings, but the organization fails to act. So what happens when systems fail? You guessed it. The organization blames the MSP for not being adamant about the problem before the crisis erupted.

Or, the organization fails to listen to the MSP for no apparent reason. For example, a major organization receives a call from its MSP that monitors security. This MSP calls the security manager at the organization and tells the main contact that there’s a high probability of a major breach. Instead of taking immediate action, which might include checking the security infrastructure and searching for holes, the security manager ignores the warning. So what happens? A breach happens, and it causes millions and millions of dollars in damages.

But, let’s not forget. The MSP did the job that it was paid to do – a job that cost this organization a lot of money per year, and a major breach happened because the organization failed to act on intelligence that the MSP had provided. This error in judgment not only cost the organization money – but most likely, its reputation as well.

So before hiring an MSP, consider this. How much is its advice worth to you? Are you going to listen when the MSP gives advice, or will you listen ONLY when you want to? Granted, there are some MSPs that just want to take your money and provide lousy service, but for the most part, MSPs are honest. MSPs offer important services that your organization cannot handle due to manpower, space, equipment, or infrastructure issues such as the inability to manage disaster recovery, backup, and other infrastructure limitations.

The right MSP that’s the right fit for your business can help your business run more smoothly and recover much more quickly.

Image Credit: Pakorn via

This post was brought to you by IBM for MSPs. Dedicated to providing valuable insight from industry thought leaders, PivotPoint offers expertise to help you develop, differentiate, and scale your business.


5 Must-Ask Questions Before Adding the Cloud to Your Infrastructure

In a previous post, I asked, “Is Your Business Ready for the Cloud?” Five key issues were detailed to assist midsize businesses before making the decision to move to the cloud.

But once your leadership and IT teams make the decision to move data to the cloud, your next step should be to sign a vendor agreement with your cloud provider. Don’t move forward without having your leadership and IT teams review the agreement in its entirety, and even better, include your legal team in the review process.

According to the IBM Center for Applied Insights:
“By 2016, cloud computing will matter more to business leaders than to those in IT. According to a recent study conducted by the IBM Center for Applied Insights, cloud’s importance to business users is expected to grow to 72 percent, exceeding its importance to IT users at a mere 58 percent.

While it may not generate the same breathless excitement it once did when the technology first emerged, “The Cloud” has undoubtedly become ubiquitous. As the technology matures and lingering security concerns dissipate, even the most conservative businesses have jumped on the cloud bandwagon. According to a study released in 2013 by the IBM Institute for Business Value, 64 percent of CIOs plan to invest in cloud over the next few years.

And as cloud technology continues to mature, how companies use cloud will also continue to evolve. What was once primarily used for cutting costs is growing into so much more. Today’s companies are increasingly looking to the cloud to not only improve efficiency, but also to innovate and create.”

What was once only for storage now includes the following technologies:

[1] SaaS = Software-as-a-Service: using a product such as an Office-like suite of software in the cloud environment.

[2] IaaS = Infrastructure-as-a-Service: a form of cloud computing that provides virtualized resources over the Internet. The definition includes such offerings as virtual server space, network connections, bandwidth, IP addresses, and load balancers.

[3] PaaS = Platform-as-a-Service: a service that can be defined as a computing platform that allows the creation of web applications quickly and easily.

[4] DRaaS = Disaster-Recovery-as-a-Service: businesses that do not have the time or resources to manage a disaster recovery plan and regular service can outsource this process.

As you review a cloud computing agreement, also known as the service level agreement (SLA), make sure to ask these five critical questions and listen, really listen, to the responses:

[1] What happens if there is a data breach?

[2] What procedures are in place to mitigate a data breach?

[3] How quickly do you handle credential changes, for example, when an employee is promoted, hired, or fired?

[4] Do the terms of the SLA reflect an understanding of compliance regulations when it comes to physical data storage requirements? For example, depending on industry and regulations (healthcare, financial, etc.), data may sometimes have to be stored within the state where business is conducted.

[5] What security measures does the cloud vendor put in place to protect its data and data centers? This means physical security as well as internal, electronic, and web facing.

So, has your business moved to the cloud yet, and if yes, what was your best cloud story, good or bad? Since others can learn from your experiences, please chime in.

Image Credit: digitalart via

This post was brought to you by IBM for MSPs. Dedicated to providing valuable insight from industry thought leaders, PivotPoint offers expertise to help you develop, differentiate, and scale your business.
