New technology can benefit companies in all industries. Reading about the possibilities is exciting. Business leaders are eager to get on the bandwagon. Leaders can become impatient when they learn the competition has implemented something like cognitive technologies to solve a problem and gain a significant advantage.

Ultimately, companies recognize that digitizing operations and developing a digital strategy is necessary. The fear is that the longer they wait, the more at risk they put the future of their company. Jumping all in for transformation becomes an irresistible temptation. Too many business leaders want to make fast decisions for fear of missing out. They start the process before they’re ready. Transforming processes before you are ready leads to frustrations and unrealized benefits.

Use Managed Services as an Intermediary Step

Part of the challenge for many companies has legacy systems, and they’re not in a position to retire them overnight. Leaders will realize when the next natural progression is to switch to modern applications. Partnering with a forward-leaning technology company like IronOrbit can enable baby steps towards modernizing your operations. This approach affords the time to determine which tools are critical for sustainable growth and which are not.

You build incremental confidence in the technology, while IronOrbit can make recommendations based on your immediate, mid-range, and long-term strategy. And it’s okay if there is no long-term strategy other than fortifying and growing your business. IronOrbit, as your managed service provider, can help supply the missing pieces of the puzzle. You will begin to approach digital more like the business decision it is. An incremental approach enables digitization and adoption of new technologies when it makes sense. Digital and business strategies must align and integrate throughout the organization.

Corporations have silos of group activity. They’ve been that way for over a century. Anything to do with IT would be the purview of a secluded department or an enclave of tech-focused professionals. When you talk about digital transformation or adopting new technologies, you’re talking about a change of one kind or another. Certain company cultures can adapt more quickly than others. Still, change can be complicated. As your Smart Managed Service Provider, IronOrbit helps to simplify the process and make it substantially more manageable.

Begin with the End in Mind

A digital transformation can mean different things to different people. It might mean software to increase operational efficiencies for one, or develop an omnichannel retail strategy for new product offerings for another. Start by clarifying why undertake the transformation and what business opportunities will arise from the changes. The more you know about what challenges you want technology to solve, the easier it will be to build the proper foundation.

In Conclusion

Adopting new technologies should be seen as a marathon and not a sprint. Take the time to understand which technologies perform what kinds of tasks. Identify a prioritized portfolio of projects based on business needs. The close collaboration of in-house technology leaders and C-level executives will become increasingly crucial as acceleration (technology and change) continues. CIOs and CTOs have the expertise to help navigate a straightforward integration of digital and business strategies.

IronOrbit ensures you’ll have a map to successfully evaluate and integrate new technology while balancing the upgrade and management of existing systems.

Learn more about how to adopt new technologies for your company here. 

or Call us at (714) 777-3222.

The post How to Adopt New Technologies first appeared on IronOrbit.

Cyberthreats to your business are at an all-time high. They are, as President Biden states, “the defining threats of our time.” Is your company prepared to withstand such attacks? According to a recent Gartner article, business leaders need to do more to strengthen their cybersecurity.

“There are only two types of companies: Those that have been hacked and those that will be hacked.”

Robert S. Mueller, former Director of the FBI – 2012

“There are only two types of companies: Those that have been hacked and those who don’t know they have been hacked.”

accredited to John Chambers, CEO Cisco – 2019

Days before Russian tanks began rolling into Ukraine; a significant connectivity outage hit Viasat Inc. (VSAT). The Carlsbad, Calif.-based company is a leading provider of high-speed satellite broadband and secure networking for military and commercial customers worldwide. Viasat modems control thousands of wind European wind turbines. Suddenly, they went offline. The outage hobbled the Ukrainian military as generals began preparing for the Russian invasion. Reuters later reported the blackout to be sabotage.

Although most well-organized ransomware gangs are in Eastern European countries, state-sponsored hacking groups are from China and North Korea. They use sophisticated tools to embed malware deep inside the most extensive networks. In many cases, malicious code can go undetected for months, infecting millions of computers.

On January 15, 2022, members of one of the main ransomware gangs, Our Evil Group, were arrested in Russia. The Putin regime has recruited them to become a state-controlled group of hackers. About a month later, we began to see a resurgence of attacks. And that’s only the attacks we read about in the headlines. For every ransomware attack you hear about, there are three others that go unreported.

Hackers used a software supply chain attack to insert malicious code into the company’s Orion system. A supply chain attack works by targeting a third party with access to an organization’s systems rather than hacking the networks directly.

The Software Supply Chain Attack

SolarWinds is a company that supplies its software to over 14,000 companies. Russian military intelligence inserted a form of malware that served as a sophisticated backdoor to these companies. It’s a certainty that some of these backdoors have been successfully embedded without US companies knowing about it. Corporations probably can’t determine conclusively whether-or-not a backdoor has been installed.

In the case of the SolarWinds Corporation, one of their customers, a cybersecurity company called Fire Eye, discovered the malware by chance. They had received the software and, months later, somebody noticed a questionable anomaly. SolarWinds is not a unique situation. There are sure to be other corporations that have been infiltrated.

Escalation of Ransomware Attacks

Recently, the President sent warnings to the citizens and businesses across the country and urged everyone to take steps immediately. Key targets include private companies and any organizations that could apply pressure to the national economy and the government, including critical infrastructures.

When it comes to ransomware attacks, no sectors are off-limits. Hackers are going to go after everything that they can. Last year, we saw how no company, large or small, was immune to attack. For example, there were ransomware attacks on the following:

• Small Family-Run Fishing Business 
• Ferry company on Martha’s Vineyard
• Casino Hacked through a Fish-Tank Thermometer
• Large meatpacking company 
• The Colonial Pipeline

Raleigh, NC United States- 05-12-2021: A red plastic bag covers an empty pump at a gas station in Raleigh, NC, after a devastating cyberattack on the Colonial Pipeline disrupts fuel supplies on the East Coast.

Nicole Perlroth assembles her decade of experience as the world’s leading journalist on cybersecurity and digital espionage in an in-depth history of cyberwarfare entitled THIS IS HOW THEY TELL ME THE WORLD ENDS. In it, she warns of the rising stakes for all of us.

The Colonial pipeline was devastated in May 2021 by cyber terrorists. Attackers distributed malware through email then demanded a ransom to restore services. The 5,500-mile pipeline transports 100 million barrels of gasoline and other fuel products per day to the eastern United States. According to a report from Reuters, gasoline futures spiked 3% and have remained above trend since that time.

Two months later, Jennifer Granholm, the Energy Secretary, said that bad actors gained the ability to shut down the U.S. power grid. Hackers embedding themselves in the nation’s electrical grid displayed tremendous sophistication that analysts hadn’t seen before. Whoever was behind the cyber-attacks on our country’s infrastructure was succeeding at an alarming rate. Who did the government call in to investigate? CrowdStrike. Why? Because CrowdStrike has been investigating high-profile cyberattacks since 2011. Investigators at CrowdStrike have even unspooled more recent attacks where the code dates back to 2010. So, CrowdStrike has been on the frontlines of cybersecurity since their beginnings.

What Can Be Done?

There are basic preventative steps that everyone must apply regularly. For example, don’t respond to SMS text messages from unknown origins. Don’t open links from emails of anonymous sources. Make that a personal policy and individuals will effectively eliminate most threats. Companies, on the other hand, are different. They need comprehensive and robust security protocols that are more sophisticated than the attacks.

Companies must realize that antiquated technologies like antivirus and firewalls are weak defenses against modern, sophisticated cyberattacks. Businesses must modernize their cybersecurity by using the new technologies mentioned by President Biden in his message to the nation. Businesses must use security measures like EDR and XDR to protect against modern ransomware groups.

EDR stands for Endpoint Detection and Response. It’s an integrated endpoint security measure that combines real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities. In the case of CrowdStrike’s EDR, the security technology combines a high degree of automation with machine learning to enable security teams to identify and respond to threats immediately. The next-generation endpoint protection leverages CrowdStrike’s state-of-the-art file and behavioral-based proprietary machine learning and Indicator-of-attack methodology. This is particularly effective at stopping new, polymorphic or obfuscated malware, which is often missed by legacy antivirus solutions.

An essential ingredient of “next-generation” is reducing overhead, friction, and cost in protecting your environment.

You don’t need a large staff to maintain the CrowdStrike environment. Everything is cloud-based, so there’s no equipment to maintain, manage or update. The Falcon sensor is unobtrusive, and updates are seamless, requiring no re-boots. The web-based management console provides an intuitive and informative view of your company’s complete environment.

XDR is Extended Detection and Response and is the evolution of having EDR as a pre-requisite technology. CrowdStrike’s Falcon XDR uses artificial intelligence to improve threat visibility by making sense of structured and unstructured data at lightning speeds. Falcon XDR rapidly and efficiently hunts and eliminates threats across multiple security domains. What separates Falcon XDR from all others is its ability to isolate and identify relevant telemetry from systems and applications across an organization’s entire IT security ecosystem. Falcon XDR delivers proactive, automated responses to threats across the security stack.

CrowdStrike® Falcon® Complete is a hands-off and worry-free managed detection and response (MDR) solution. The comprehensive security platform is unique. In addition to endpoint security, cloud workload, and identity protection, it provides the process and technology required to handle all aspects of onboarding and configuration to maintenance, monitoring, incident handling, and remediation.

CrowdStrike’s Falcon Complete protects an organization against someone clicking on a link they shouldn’t have. The technology sees the behavior, and as executable files begin unzipping, Falcon Complete begins monitoring for questionable activity. As soon as malicious activity, Falcon Complete isolates it.

Why CrowdStrike?

CrowdStrike has been leading the charge against cyberthreats since 2011 when it was founded. The security firm uses cloud-based software that collects threat data across all connected devices. Artificial intelligence analyzes the information and seamlessly updates all endpoints.

The fast-growing Austin, Texas-based company provides cybersecurity to 15 of the 20 largest banks and 77 Fortune 100 companies. Private sector clients are apprehensive about the escalation of cyberthreats against Americans amid Putin’s invasion of Ukraine. Severe ransomware attacks are likely to increase as sanctions on Russia become more effective.

CrowdStrike has a long history of working with the federal government state, and national oil and energy firms to investigate cyberattacks and shore up defenses. Much of their innovations in security came from listening and working with clients to help solve the most challenging cybersecurity problems. Years of forensic analysis, fine-tuning, and adjusting to meet threats as they emerge have made CrowdStrike the pioneer of cloud-delivered endpoint protection.

CrowdStrike Falcon has revolutionized endpoint security by being the first and only solution to unify next-generation antivirus, endpoint detection and response (EDR), and a 24/7 threat hunting service. Millions of sensors across 176 countries collect and analyze more than 30 billion endpoint events per day. All of them use some form of machine learning and automation. These powerful capabilities are possible through a unique combination of prevention technologies. They include indicators of Attack (IOA), exploit blocking, real-time visibility, and around-the-clock managed hunting to discover and track the stealthiest attackers before they do damage.

The country cannot defend against cyberattacks alone, nor can your organization. Companies need the vigilance of every employee and every contractor. Business leaders must “accelerate efforts to lock their digital doors.” Using CrowdStrike is an effective way to secure all entries to your company’s infrastructure.

IronOrbit knows the importance of having resilient cybersecurity. That is why we protect our virtual desktops, INFINITY Workspaces, with CrowdStrike’s highest level of AI-enabled security technology augmented by live monitoring by a team of CrowdStrike’s team of security experts. Imagine having multiple full-time expert incident responders conducting day-to-day monitoring of alerts.

CrowdStrike® Falcon® Complete is a 100 percent hands-off and worry-free managed detection and response (MDR) solution uniquely provides the people, process, and technology required to handle all aspects of endpoint, cloud workload, and identity security, from onboarding and configuration to maintenance.

Learn more about how to protect your company here. 

or Call us at (714) 777-3222.

The post Why CrowdStrike is Essential for Security first appeared on IronOrbit.

Back when most of the IT experts of today began in the industry, the only infrastructure that was readily available and dependable was on-site servers and networks that were bulky, expensive, and time-consuming to manage and maintain. The last ten years have witnessed tremendous advancements in information technology. Now, IT engineers can design, develop, and implement a company’s entire IT infrastructure within a cloud environment in a fraction of the time it used to take. This good news isn’t just for the IT experts, but for the everyday business owners as well!

Because cloud infrastructure is readily available, you can take advantage of high-powered cloud computing through Desktop-as-a-Service (DaaS). Although DaaS may sound complicated, it’s not. You can use any internet-connected device to access your operating system, applications, business data, and even your desktop settings.

What does that mean for your business? It means anywhere, anytime secure access to your company’s workflow. But that’s just the beginning of the high-impact benefits for forward-leaning companies that choose to leverage the power of Desktop as a Service.

1
Eliminates Grunt Work

Using a DaaS saves your IT department from having to do mundane grunt work such as application licensing, patching, and troubleshooting.

Outside of the fact that DaaS lowers your IT management cost by shifting that responsibility to the cloud provider is the fact that your organization has to spend less effort on maintaining your IT assets. Even companies that have outsourced their IT maintenance to a 3rd party still have a measure of IT housekeeping that they must do internally. DaaS makes IT maintenance and management hands-free for your staff – allowing them to be more effective and efficient in the tasks they were hired to do.

If you’re tired of employees complaining about their computers – or about the IT support – if you’re sick of doing endless updates, upgrades, patches – all to avoid the blue screen of death – DaaS is where you want to be. Most cloud providers offering DaaS have proven their ability to maintain their promise of 99.99% reliable uptime. That’s good news for your workflow and for your ability to focus on your work – not IT issues.

2
Data Redundancy

DaaS puts your company’s workflow in your hands instead of at the mercy of IT roadblocks, ransomware, or a natural disaster like hurricanes, fires, and tornados.

You don’t have to worry about a local network crashing – because there is none. It’s all in the cloud. You don’t have to think about losing data if your laptop dies – because your actual “computer” is virtual and all your data is stored in the cloud. Instead of having an operational IT system and a Business Continuity strategy backup system, you’re using your Business Continuity system every day in the cloud.

Since your data is stored at a secure facility offsite; or, in the case of IronOrbit, stored at multiple data centers, it is protected against onsite server failure or natural disasters. Having redundant backups provides a safety net. If a natural disaster impacts data center one, data center two kicks in automatically.

3
Increased Security

IT support teams in businesses take reasonable precautions to guard against cybercrime. These security measures cannot compete with the security technologies employed by cloud providers delivering DaaS options for businesses.

Critically DaaS shifts the security burden away from the individual device and places it within a data center infrastructure designed for the highest levels of protection. To put it simply, it would be cost-prohibitive for a small to mid-size business to hire even one IT security professional to protect their in-house systems to the level of a Tiered private cloud hosting partner.

Data is no longer vulnerable on a local device but held – and regularly backed up – in a secure hosted environment; it is also encrypted and can be made accessible only through multi-factor authentication protocols. The addition of a designated managed service provider also has its advantages. Systems are monitored 24/7. For example, a managed service provider can prevent someone from stealing data using a USB. That’s why enterprise-class organizations, the military, and the government are overwhelmingly looking to cloud providers to host their workflow. The security is there.

4
Enhanced Flexibility, Agility, & Mobility

We’ve already noted that cloud infrastructure along with new virtual desktops for your staff can be deployed in record time in comparison to traditional on-site IT setups. But that’s just a baseline. Consider the fluctuations of the marketplace over the past few years. The companies that survived and thrived were the ones most able to, in the words of Mohammad Ali, “Float like a butterfly and sting like a bee.” Companies need a high level of agility combined with decisive leadership that can act quickly. DaaS allows you to scale up or down easily, add or reduce capacity, and change directions on the fly if needed.

Once you’ve moved your IT system to a DaaS, mobility becomes much easier. Modern companies are flexible enough to have their employees work from anywhere and on any device of their choosing. To thrive in the new cloud ecosystem, companies will need every tool available to be resilient. Teams will have to expand and contract at a moment’s notice, and they will need to respond quickly to opportunities the moment they appear. DaaS is a building block that makes all of that possible.

Being agile and flexible enables organizations to pivot if need be to remain resilient. Mauro F. Guillen writes, in a recent HBR article, that “successful companies often pivot to a business model that’s conducive to short-term survival, and long-term resilience and growth. Pivoting is a lateral move that creates enough value for the customer and the firm to share.”

The focus is now on productivity, elasticity, and value to the customer. These are the main characteristics that will drive the proliferation of DaaS in business.

5
Reduces Upfront Costs

DaaS reduces enormous upfront costs. Imagine all the hardware you’d have to invest in just to get started. In-house IT infrastructure and computers have to be purchased and implemented with the next 3-5 years of business operations in mind. Recent events have shown that it is impossible to predict the next year much less project 3 to 5 years out.

Even during times of stability, it is often a challenge to budget for hardware replacement. CFOs have to also account for the depreciation of capital expenditures. From the moment you open the box on a new computer, the value depreciates. With many companies still in recovery mode, many are having to delay refreshes altogether, even at the risk of struggling with outdated technology.

DaaS provides the luxury of keeping IT aligned with workflows no matter how dynamic and volatile they may become.
Since DaaS is subscription-based, you’re renting equipment. This subscription-based model moves expenditures from a capital expenditure (CapEX) to an operational expenditure (OpEx). You’re only going to pay for what you use; therefore, if you use a lot, you’re going to pay more. Correspondingly, if you don’t use very much, you pay a minimum amount. This is a CFO’s dream come true because it streamlines operations in ways that lower overall operational costs.

CFOs love DaaS and other cloud-based solutions because of the budget predictability provided by packaged solutions but the fact that they can move CAPEX expenses into the OPEX column. This provides a range of financial and tax efficiencies. #1 in those efficiencies is that your company doesn’t have to pay a large amount of money for in-house servers and networks to be installed. And when your business grows, you don’t have to factor bigger, better servers (with bigger and better prices) into your budgets. Moving IT expenditures from CAPEX to OPEX gives you the flexibility to utilize your cash reserves for other, pro-growth initiatives. Having a fixed and predictable monthly fee certainly makes budgetary planning and forecasting much easier than the break and fix nature of on-premise servers or even in-house VPNs.

6
Energy Conservation Helps the Environment

You’re only one company, but you want to do your part for the environment – and you want your consumers to SEE you doing your part for the environment. Because DaaS allows you to use your devices for longer and to partner with eco-conscious cloud platforms, you can do your part for the planet without it costing you more to do so.

A study conducted by the Carbon Disclosure Project found companies that utilized cloud computing saved a total of $1.3 billion annually and reduced carbon emissions by an equivalent of 200 barrels of oil.

Just imagine the hardware and electrical power needs of even a small-size company. An organization saves tremendous amounts of energy by moving its IT system to a DaaS environment because no onsite servers are gobbling up massive amounts of electrical power. More employees working from home means fewer carbon emissions from vehicles traveling to and from work every day. When you start to consider the number of companies and the number of employees involved, the amount of carbon emissions is significant.

As our lives, work, and thinking turn increasingly towards protecting the climate, conserving energy by leveraging shared data centers will become more attractive and competitive. As this move to remote data centers matures, operators will begin to assess “greener” options for on-site power generation. Data centers are an excellent opportunity to integrate on-site energy generation facilities such as hydrogen applications, solar panels, or a combination of heat and power solutions (CHPs).

Marc Garner, VP of Schneider Electric’s Secure Power Division.

Marc Garner, VP of Schneider Electric’s Secure Power Division.The Vice President of Schneider Electric’s Secure Power Division, Marc Garner wrote in Data Center Dynamics, “Technology has become a key enabler for both businesses and consumers alike, and throughout 2020, dependency on digital infrastructure has increased dramatically. In fact by 2035, Schneider Electric estimates that all IT will consume 8.5 percent of global electricity – compared to 5 percent in 2021 – and data centers are expected to take up a large share of this demand. Many of today’s data center operators, from hyperscalers to cloud and colocation service providers, have already led the market by example, and publicly declared ambitious commitments towards Net Zero, adopting more sustainable approaches to digital business.

Microsoft, for example, has started transitioning to using renewable wind energy – a trend that will likely only continue to increase as awareness and demands for renewables from end-users and governments surge.”

Conclusion

Your business is moving into the future, whether your IT systems are ready for it or not. Using virtual desktops in a DaaS environment ensures you’re always working on the latest version of your operating system and applications. That in and of itself is a compelling reason to move to DaaS,

but that’s only the beginning. Consider that DaaS also gives you a built-in business continuity system. Because your data and workflow are securely housed in the cloud, you never have to worry about how much time, money, and lost opportunities you’d sacrifice if your company’s on-site server goes down.

As Gartner describes in a recent report, technologies utilized by organizations are increasingly conceptualized and implemented outside of the traditional outsourced IT department. Gartner found that the total business-led IT spend averaged around 36% of the total formal IT budget. Business leaders rightfully see digital transformation as an organization-wide discussion, and no longer the sole purview of the IT department.

This article categorized 6 key benefits for companies moving to DaaS. Depending on what priorities are driving your organization at the moment, you may be drawn to one specific DaaS advantage or another. Think about both short and long-term goals in your choice. You might consider DaaS to make hardware refresh more affordable in the short term but also reap the cost and business benefits delivered by DaaS as it has a deeper impact on the continued growth and success of your business long term.

The post The Six Key Benefits of Using Desktop-as-a-Service (DaaS) first appeared on IronOrbit.

Businesses will have to include resiliency planning as they venture forward.

THE SHAPE OF THINGS TO COME: SOME THOUGHTS ABOUT THE NEW – NEW NORMAL

It surprised me. The first time that I heard a news broadcaster use the words “the new normal” in reference to the post COVID time frame made me stop and think. Here was a term first used following the financial crisis of 2008 and it’s aftermath. Until then, I was expecting everything to go back to how we had always known it.

I thought about it. I realized that the newscaster was right. COVID-19 has changed the way we do business – and life – forever. In the midst of the current COVID-19 pandemic, many facets of the way we do business have shifted. Daily, we see our lives become more confined. The uncertainty of it all restricts us in many ways. It is too early to tell what all the permanent business ramifications will be. But there is change in the air. One thing is certain. This situation will expose corporate weaknesses and strengths. How the story unfolds for your business depends largely on how you navigate the waters ahead.

Look at the current impact of the virus on business operations. It’s clear that the shift toward the “new normal” has caused the adoption of certain technologies sooner and faster than ever expected. Here are 6 ways technology trends have changed for better or for worse.

What Has Coronavirus, and Our Reaction to it, Changed in Business Forever?

Online collaboration tools such as Microsoft Teams enables people to connect from home, from the office, or anywhere else.

1.      The way businesses view and handle remote workers has changed.

In this article from MarketWatch, we see some business benefits of allowing employees to work from home, such as taking advantage of a more diverse talent pool and flexibility in labor costs.

A great number of employees now working from home. They’ve been working from home for a prolonged period of time. Many companies will have to make adjustments and accept remote workers. Being able to transition to a home or remote office when problems arise will be the new normal. The bonus: the flexibility allows for a more productive and capable workforce.

Tool and technology that’s ready to go in either environment is a great way to support your team. It encourages autonomy and collaboration among teams. Get the job done, regardless of location. That’s the new normal.

·         Zoom or Microsoft Teams are cloud-hosted communications tools that allow for adhoc web meetings among different groups.

·         Trello is a great way for companies to work together on projects, allowing for integration into other subscription-based business apps like Google drive or Dropbox for sharing.

·         Slack is an attractive alternative to email, allowing single or team-based conversations that are searchable.

Machine learning models may be mislead because of unusual spending habits during a pandemic, but they might play a key role in mitigating the fallout from this pandemic. They’ll definitely minimize the impact of the next.

2.      The way businesses view and use artificial intelligence has changed.

Another trend that has been gaining more traction is the use of artificial intelligence (AI), specifically, machine learning. Being able to mine through the copious amounts of data we have on coronavirus is helping scientists and researchers find answers quicker than ever.

The use-case for machine learning (ML) is not limited to scientific research. Imagine being able to accurately forecast sales data. Or what if you could have a chatbot that could answer customer service inquiries 24/7 from your website?

ML has deep roots in cybersecurity. ML has the ability to analyze network traffic and detect anything seen as malicious. Many of the latest security tools incorporate AI/ML. They are able to learn the current cybersecurity posture of business systems. They can proactively combat malware threats.

The first step for a company is to vet, implement, and accept machine learning. This could be for a specific task or to provide general support to a department. Once this happens, the doors to advance technology swing open. The power of ML to benefit a company become apparent.

Cloud technology has brought stability and flexibility to a world lacking both. Web-based platforms and services continue working without getting overwhelmed by the sudden rise of people going online to do business, work, or play.

3.      Acceptance of the public cloud infrastructure has changed.

With COVID-19 forcing businesses to rely on the cloud, company leaders that were once wary of public cloud infrastructure are now embracing it.

A recent CRN post reports cloud computing have enabled companies to scale business applications. And they’ve been able to do it reliably. Thanks to the minds behind Google, AWS, and Microsoft Azure, rapid scaling has been virtually trouble free.

Microsoft Azure alone has reported a 775% increase in usage of cloud services like Teams, PowerBI, and Windows Virtual Desktop.

Relying on a proven infrastructure is good. Doing it without managing physical server hardware is even better. It is more critical now than ever before.

Businesses that use a cloud infrastructure can scale back without incurring unneeded costs. If they are in a current downswing.

Remote work, SaaS applications, and Cloud Infrastructure are in high gear. The COVID-19 crisis will cause these trends to gain more traction and use. Companies will scale their services and solutions. Those that wing themselves from on-premises infrastructure will have the advantage. They may even elect to downsize physical office buildings. Or not. Having the choice is also an advantage.

The changes to business and technology brought on by COVID-19 are here to stay. There are significant business benefits from this course adjustment. The adoption of cloud-based technologies is one of them.

·         The ability to work from wherever is convenient and productive.

·         The capacity to deliver a solution that is always available – regardless of business demand or outside factors.

·         The freedom for a company to better align with its employees and customer needs.

4.      The competitive edge and viability of companies has changed forever.

People are forced to stay home more. They don’t want to risk exposure. They become reliant on delivery services like Door Dash, PostMate, and InstaGuard to get food and supplies. Streaming services like Netflix and Amazon Prime are bigger than ever.

Who is losing out?

Restaurants by the thousands will struggle to climb out of the COVID-19 trauma. Some won’t make it. The franchise chains will. Cinema theaters across the country are currently closed, and some of them will not reopen. This will have an impact on how movies are exhibited. It will also impact what types of feature films are developed and financed. Fewer studios will be willing to take the risk of financing blockbuster movies. This is especially true of disaster movies. These are the movies that cost hundreds of millions of dollars to make and market.

One night in early April, the Governor of New York summed up the problem, “The simplicity of it is so what makes it so tragic. Because we don’t have a piece of equipment somebody is going to die? How did we get to this place? In this county. We have to buy all our supplies from China? I can’t get protective equipment because China is making it? China is making the ventilators?”

But it’s not just medical supply chains that are being reconsidered. The coronavirus pandemic will also have long term effects on the tech hardware industry.

Parts needed to assemble various hardware and electronic products come from a multitude of sources. Most of them are overseas. A factory that makes television monitors doesn’t necessarily make the screens. The processing chips are made at a different factory. The power supply might be made at yet another factory. It’s all interconnected. If one factory is shut down, it impacts all the others down the line.

The entire system can grind to a halt. Having a supply chain that involves multiple nations like the United States and China will most certainly be re-evaluated. It’s better to have all the needed components of a particular name brand product to build closer to home. This will kill some tech manufacturing firms and enrich others.

The use of AI automation is going to make it more attractive for manufacturing to come back to the USA. That will shorten the length of supply chains while ensuring their security.

Apple’s already indicated that it won’t be able to make a sufficient supply of its Smartphones for the year. That’ll be true of other smartphone makers…some won’t make it. It has already begun.

The is Irony is that a virus that originated in China is ultimately helping China’s economy to bounce back. China has the capacity to manufacture much of the equipment needed in other parts of the world, including our own. Long term, many companies are going to be looking at diversifying their supply chain. They’ll avoid putting all their eggs in one basket.

What ever shape the new normal takes, remote work will definitely remain part of the picture.

5.      Everyone in the company working in and from one building – or any company-owned building – has changed forever.

In an April 20th Fast Company article, several enterprise CEOs and influencers, including Jared Spataro (corporate vice president, Microsoft 365), agree that working from home and increased video conferencing will become the new normal.

Jared Spataro is the Vice-President of Microsoft 365.

Jared Spataro is quoted as saying,“This time will go down as a turning point for the way people work and learn. We have a time machine as China navigates its return back to work—and we’re not seeing usage of Microsoft Teams dip. People are carrying what they learned and experienced from remote work back to their “new normal.” We’re learning so much about sustained remote work during this time.”

Business is not the only place where “from home” situations will continue well after COVID-19 has been conquered. Education is another sector that has changed forever. But what about all those families that don’t have basic access to the Internet at home? School shutdowns requiring students to take online courses widen the socio-education disparity in our society.

Sal Khan, founder of Khan Academy.

Sal Khan, founder and CEO of the educational nonprofit Khan Academy, said, “The need for online access and devices in every home is now so dire that it may finally mobilize society to treat internet connectivity as a must-have rather than a nice-to-have. We’re already seeing governments, school districts, philanthropists, and corporations step up to close the digital divide. If this continues to happen, we could get to a state of nearly universal online access at home.”

Sal Khan’s prediction is already happening in Singapore where universal Internet connectivity is nearly 100%. Universal Internet connectivity in Singapore is part of their Intelligent Nation 2015 and Smart Nation initiative. In August 2018, Ookia’s speed tests determined that Singapore’s broadband speed of 181.47 Mbit/s is the highest in the world.

6.      Our view of reliance on a single revenue stream – as a business and as individuals – has changed forever.

Will Lopez, head of accountant community at HR platform Gusto put it all into perspective when he said,

“This won’t be the end of brick-and-mortar store. Just as it won’t be the end of the digital cinema theater. These are important businesses. They help form the social fabric of our communities. But retail shops and restaurants will change the way they operate. The crisis has reminded people that they need to remain agile. It has reminded us to move with the times. Don’t be stuck with the old way of doing things.”

Where many of these shops have historically relied on foot traffic. These same shops will now develop ways to create alternative streams of revenue. For example, many restaurants will link up with delivery service platforms. They’ll expand their geographic reach. More boutiques will develop an online presence that reaches beyond their local neighborhoods.”

Business leaders are too busy struggling to keep their operations going to wonder what the new normal will be like. We’ve got to get through this first.

IN CONCLUSION

The “new normal” will mean most companies will stall. Many will go out of business. The ones that do survive must continue to optimize the way they operate. They will have to rethink their business models moving forward. Supply chains have been disrupted. For many this experience has been a painful lesson. Companies will respond. They’ll have to. They will strengthen whatever back-up plans they have in place. If there are none. They will have to build them from scratch. This includes expanded work-at-home capabilities for more employees. They’ll have to consider options. Then they must position themselves to take advantage of those options.

New resiliency metrics will be rolled into valuations along with climate-related risks. The whole concept of resiliency will have the same importance as cost and efficiency. Resiliency is no longer a nice to have, but a necessity.

Individuals, communities, businesses, and governments are learning new ways to connect. Business leaders are finding faster, cheaper ways to operate. Conferences and meetings happen on online. Everybody that can has been working from home. These are positive changes. Better management. A more flexible staff.

Can we create a next new normal? One that will be better than what it replaced? Can we become agile enough to move even as the situation moves? Can we learn to address the challenges positively.  These will be a long-term questions for us all.

What innovations will there be to leverage?

What technologies will business leaders use to thrive in the “new normal?”

The post The New Normal – How 2020 Changed Business Forever first appeared on IronOrbit.

Usually, it’s not different. Things feel different for a little while, and then things return to normal.

This time, I think, truly is different. The COVID-19 pandemic has forced most businesses to close their doors. Conferences, concerts, and sporting events have been cancelled. And companies have their employees working from home. More employees now work from home than ever before.

“When a crisis like the new coronavirus temporarily forces companies into remote work, it tends to show them that it can be done successfully,” says Kate Lister, president of Global Workplace Analytics and cited in the Chicago Tribune.

Remote work probably is here to stay. For that reason, honing your remote work policy is my number one recommendation during the pandemic. I also recommend working on and practicing your disaster and contingency planning policies, storing sensitive data centrally, and encrypting sensitive information.

A little background on me: I’m a former CIA officer, so I know a thing or two about traveling and working remotely. Almost 15 years ago, I started working “remotely” under minimal supervision. My work was representing the US Government in meetings with other governments. These were countries most people have never heard of.

When I left the Agency, I found myself consulting and working remotely for companies throughout the US and throughout the world. My clients extended as far away as Poland and Ukraine. I never met my clients Poland face to face. The business was entirely remote.

I co-founded a company. My partners and investors were based in Boston. I worked, you guessed it, from home. My responsibilities necessitated travel. I had to spend some personal time with my team in Boston. I spent about one week each month onsite.

The amount of time needed on-site could vary. While my startup required a good deal of me being onsite, many consulting projects were done remotely. I’d say most any job can be accomplished remotely.

There has been significant discomfort in the past about remote work. I have experienced this first hand. As I rose through the ranks at the CIA, people wanted me for increasingly senior positions. My working from home became more of a problem for my supervisors. Companies might be comfortable with a developer or designer telecommuting. They are definitely not comfortable when it comes to a job that involves managing a team. Last January, I had discussions with companies who loved my skills and experience. They wanted what I had to offer. But the distance and telecommuting was a deal-breaker. So they backed out because they were uncomfortable.

Technology has made Location Irrelevant

Before the coronavirus, management and HR policies were stuck with the old ways of doing things.

The need for physical distancing has forced us to work from home. Many business leaders, managers, and even employees were uncomfortable with the concept. Most will find remote work isn’t bad or scary. Many will even become comfortable with remote work as standard policy. An April 6, 2020 ZDNet article reported that 74% of CFOs say they expect to move previously on-site employees remote post-COVID-19. Gartner found that a quarter of respondents will move at least 20% of their on-site employees to remote work permanently.

Pandemic Recommendation #1: Hone the Remote Work Policy

Remote work is here to stay. Remote work maximizes worker time by cutting out commutes. It decreases the need for parking and office facilities. It saves energy too. Not as much gasoline is used. There are fewer traffic accidents. There is less pollution because people are not driving to work en mass.

But remote work also raises a whole new set of security issues. How do we keep customer or other sensitive data secure when that data is in an employee’s home?

Simple mistakes can lead to large consequences. Failing to patch a computer program or server invites hackers to exploit the flaw.

Do you remember the Equifax incident? Equifax couldn’t be counted on to patch its centralized systems.
Their systems contained huge amounts of personal information. How can we handle personal information printed on little Johnny’s color printer? No company wants to be responsible for the next Equifax-type incident because its employees are working from home.

Having employees work from home presents more vulnerable endpoints. “More personnel telecommuting adds to cybersecurity risks. These people carry devices packed with data. “Opening remote access creates more challenges,” according to Parry Aftab, Executive Director of The Cybersafety Group. Be sure you have considered endpoint security as part of expanded remote access.

And what happens if a worker is injured while working from home? Will they be eligible for Workers’ Compensation benefits?

For these reasons, my number one recommendation is to hone in on your Remote Work Policy. If you don’t already have a remote work policy, then you need one right away. What is the policy now, and what will it be after the crisis is over. If you do have one, now is a great time to review the policy. Make sure it still fits today’s needs and contexts. Update the policy as needed.

The policy should include the expectations of employees. What security measures are employees expected to use at home. Clarify legal liabilities. How will you protect privacy and remain GDPR and/or CCPA compliant? What are the company’s policies on equipment use and repairs? A complete Remote Work Policy will address these issues.

Ensure that employees maintain a safe remote work environment. Secure their devices with anti-malware software. These devices should have personal firewalls, and regular patching for software vulnerabilities.

Pandemic Recommendation #2: Disaster Preparedness & Contingency Plans

A few years ago, I was walking the halls of RSA with one of my clients, helping them make sense of the complex and confusing world of cybersecurity. RSA is *the* conference for cybersecurity. 45,000 people attend each year including more than 600 vendors. We were walking the expo halls. We saw an endless supply of hi-tech security offerings. There were vendors offering proactive protection. Some had advanced threat detection, while others had automated or AI-augmented remediation tools.

There were vendors offering proactive protection of one kind or another. Out of the 669 vendors at RSA, not one were there to help companies prepare for disaster recovery and contingency plans.

Out of the 669 vendors at RSA, how many were there to help companies prepare for disaster recovery and contingency plans? I didn’t see one. When it comes to pandemic, we’re mostly on our own. There is no Coronavirus as a Service (CaaS). When we face potential times of crisis, it’s a good reminder to test our continuity plans. If there are no continuity plans to test, then it is vital to create them.

It all starts with your business continuity & disaster recovery plan. Such a plan is a standard part of a NIST 800-53’s CP-1.
It includes strategies like having alternate data storage sites. Alternate data storage sites are important if the main storage site becomes inoperable or compromised. Backups should be in multiple locations far from each other. If one is on the west coast of the United States, the other should be on the east coast. The midwest is also a very good location for remote workers. That region is good for fail over data centers or other cloud resources.

You will want to review your plan. Identify and account for all assets, both technology and human.

Review alternate operations center options. Current areas of operations may become inaccessible. A pandemic may make it unsafe for people to congregate in one place. This is a good time to review or create work-from-home programs. Consider remote fractional vCISO services. Ensure you can maintain your security operations even if employees can’t physically come to the office.

Pandemic Recommendation #3: Store Everything Securely

With so many employees working from home, it’s easy for sensitive information to leak. Remote work often involves creating and editing work-related information. These can be emails, Word documents, and Excel spreadsheets. A customer’s personal identifying information could be left on a personal printer. Sensitive business information can end up on a CD that gets misplaced. There are number of possible security mishaps.

Imagine you recently became GDPR compliant. At a cost of more than $100,000 for 74% of organizations, according to a CPO Magazine article. If you don’t protect personal information at your worker’s homes, you might still be facing a GDPR fine. According to the UK Information Commissioner’s Office, a company in England was fined $340,000 for leaving documents with personal information unlocked,

To reduce this risk, it’s important to store files in a centralized location. A secure cloud is the best location. If the information stays in your cloud, it’s much less likely to end up somewhere it shouldn’t be.

Bio-based authentication and encrypting mobile devices prevents others from reading and using the information on a stolen or lost device.

Pandemic Recommendation #4: Encrypt Data

When more employees work from home, it’s more likely that their devices will be lost or stolen. Encrypting these devices prevents others from reading and using the information on a stolen or lost device. Full disk encryption on personal computers, phones, and tablets is a good method. It will encrypt all storage on the employee’s device. Or at least create an encrypted partition to store sensitive data.

Advanced Encryption Standard (AES) is a good encryption standard to use. The US Government uses AES to keep classified data secure, according to an article in TechRadar.

Even if an employee’s computer is encrypted, there are security risks. The data may not be encrypted when it’s in transport. If an employee has full-disk encryption, the data will not be encrypted in transit. Ensure that data is encrypted before transit. This way anyone who intercepts the data cannot do anything with it. Another good strategy is to set up a secure protocol like Transport Security Layer (TLS).

Technology can go a long way to keep your data secure, but security is essentially a people business. Most breaches occur when people make mistakes. There is no substitute for educating your team. Train and retrain them on the fundamentals. Establishing standards for shutting down each day is a good idea.

The post Cybersecurity Recommendations for Companies During Pandemics first appeared on IronOrbit.

That’s why most of them are on the cloud in one form or another. The AEC industry is highly fragmented, data-intensive, and project-based. Designing, building, and repurposing require all the traditional disciplines you’d expect, but also many ancillary areas such as energy, environment, and waste.

The Journal of Cloud computing: Advances, Systems, and Applications reported that sharing data and supporting coordination between people involved is difficult and reliant on third-party tools to support such capability. “We believe cloud computing provides a more efficient and robust mechanism for individuals within the AEC industry to collaborate and share data. Work is already underway in the AEC sector for developing data and process models to enable greater interoperable working between project participants.”

This research has led to the development of the concept of Building Information Models (BIM) – a design process that looks at a building’s life cycle. The BIM concept helps designers and others see how a building will use resources before it’s built. BIM was an evolution of ideas.  Start with a powerful digital drawing tool and then evolve it into a much more sophisticated program. The software works in partnership with the designer or architect. A set of drawings becomes an interactive database. When the designer draws on the screen, the BIM system computes the properties of the building and even suggest improvements for everything from energy efficiencies to people flow while costing out every conceivable option. Every variable is built into the AutoDesk software. Any design changes are immediately reflected in revised cost estimates. It tells how much energy the modified design will save. The architect is working with a set of drawings and a data model that understands the whole building as a three-dimensional living system. Keep in mind that BIM includes all the information about a building. It should be a complete 4D virtual repository of the data associated with the structure from beginning to the end of its life.

Being on the cloud facilitates hiring, and retaining, some of the best talents all over the world.

THE CLOUD ENABLES REMOTE COLLABORATIVE TEAMS to work seamlessly together on complex projects.

Collaborative working environments have been long-standing key aspects of AEC workflows. Traditionally, those collaborative teams had to commute to one centralized location. Today, offering work environment flexibility (home office or corporate office) has become somewhat of an expected perk. This was a trend long before the coronavirus reared its ugly head. Now, there are government mandates pressing the point even more. We’re all being forced to work from our homes. Coronavirus aside, future AEC firms don’t want to have their collaborative teams tied to one physical location. Not any more.

Jennifer Howe, VP of SMMA (an architectural firm headquartered in Boston) and acting president of the ACEC organization, Massachusetts Chapter says, “As much as I don’t want to be working from home, there are times when I need to be working from home. Our IT staff had us set-up to work remotely, but it wasn’t the same as what we have now with the cloud. I can be on my laptop with IronOrbit and see everything the same way as we see it while we’re in the office.”

She recognizes that it’s more of an employee’s market now. “The ability to offer talented candidates the option to work from home is an added incentive to join your team.” That’s especially true when nothing is lost while moving from the office workstation to your mobile device-of-choice working at home. But there are other reasons to migrate to the cloud.

A much more enhanced remote work experience is not the only reason to move the cloud. The biggest, more critical reason, is security. But it can’t be just any cloud solution. , The cloud environment needs to customized to the unique needs of the firm. Jennifer talks about the biggest threat every firm faces. “Ransomware attacks are a tremendous concern. An ACEC Mass member firm had a recent incident where they were hit with a cyber-security breach. That was very concerning to our entire chapter. ACEC actually hosted an informative event where they shared some of the issues that they had. For SMMA, as government contractors, we need to be very protective and careful with the information that we have.”

Just a few short years ago, Google Drive and DropBox were the popular options between those who wanted to share large files. Those options weren’t great at protecting intellectual property. Concerns over security justifiably kept many AEC firms from utilizing them.

In addition to state-of-the-art firewalls, antivirus protocols, malware filters, and encryption, a truly holistic approach to security includes 24/7 monitoring.

Industry-Wide Concern for Security Is At An All-Time High

Carlos Charry is the Director of Technology for SMMA. He says security has been a top concern for everybody. “One of our competitors got hit with ransomware a few years back. It made me look at our own situation and ask, ‘Are we prepared for this?’ I knew we weren’t ready.”

The level of security provided by IronOrbit – the firm’s cloud solution provider is far beyond anything they could have accomplished on their own. The entire IT infrastructure is protected by state-of-the-art firewalls, antivirus protocols, malware filters, and encryption. The security doesn’t stop there. There is an entire team of engineers, rotating around the clock, monitoring the data centers for any type of potential security threat.

But Carlos adds, “The question of security aside, you still have to keep up with technology. That means having your IT infrastructure on the cloud. The cloud provides faster updates. Just keeping all your applications up to date saves you a lot of trouble. Most of my time before the cloud was spent handling IT issues.  Things like the network not being responsive or our server going down. I spent time on things like that and couldn’t devote myself to what I truly love to do which is to improve our business processes. I want to make them better so the company can become ever more efficient.

Carlos continues, “The cloud has enabled us to hire anyone anywhere in the world. The employee just needs a PC and an Internet connection of some kind and they can utilize our tools. We currently have people working for us from Maine and New York. Since we’ve moved to the cloud, my headaches have been reduced. Once an employee is connected to the cloud, I don’t have to worry about it. I know the data is automatically being backed up. My worries are basically gone.”

FINDING THE RIGHT WAY TO COLLABORATE IS CRITICAL TO RUNNING AN EFFECTIVE BUSINESS

Jennifer says, “Working with Carlos, our IT director, we’re always looking for better ways to do our work. SMMA is a full-service design firm. Collaboration is the key to our success. Finding the right way to collaborate internally and collaborate with our clients is a critical part of running an effective business.

MOVING TO THE CLOUD. WHAT IS IT LIKE?

People were hesitant at first. The cloud environment is different from having your server on the premises. It’s different. “As we were going up to the cloud, and trying to figure out how to use it, they weren’t sure at first what to expect. Is it going to make my life better or worse? Finally, through effective collaboration and communication, we found it to be an invaluable tool. I find that I can access whatever I need wherever I am.  One of the things that surprised me was being at a client meeting and just being on wi-fi and act as if I were in the office. I’m able to pull up any document I need at any time. For example, I do a lot of government work. When I’m doing a client visit, I often don’t have wi-fi available to me. No worries. I just turn on the hotspot on my phone and still be able to open up a CAD drawing. You’d think that would be impossible to do, right? But it really works quite well.”

Being able to be remote and share a CAD drawing on your laptop using the hotspot on a smartphone is amazing. “You think it’d be impossible, but it actually works very well.”

Hector Inirio is the Design Technologist. He says, “That the most attractive aspect of moving to the cloud was a blend of things. There are many aspects of advanced IT that are beyond our expertise such as high-end security threats. Ransomware is a good example. I really liked the fact that cloud technology democratized our computer systems. We’re not transferring any data from our local workstations. The workstations themselves, really become more like dumb terminals. So, no matter what kind the computer was at a particular desk, they all now respond like high-end machines.  Previously, due to cost, we’d only have some users on higher-end machines. The ones who didn’t need the computing power were working on equipment with less computing power. Now, all of them respond with higher specs.”

“I really liked that cloud technology democratized our computer systems. It made all of them perform like higher spec machines” – Hector Inirio

The computer terminals become virtual desktops because they are hosted by the external cloud server. Any slowness or frustrations you’ve experienced with your current Internet connection go away. Once users log in to the hosted desktop you’re using bandwidth from the cloud. There are separate gigabyte connections to the Internet. Your bandwidth virtually becomes unlimited.

The technology needed to aid the construction industry’s complex workflows hadn’t become available until the past few years. There are now plenty of SaaS solutions available to make full use of what cloud technology offers. Most contractors are implementing cloud solutions. The few who are not risk losing any competitive edge they had. These firms are also in danger of becoming irrelevant as technology advances at exponential rates. They simply won’t be able to keep up. Remaining current with the speed of technology means being able to focus on human capital.  These are qualities like talent, skills, know-how, empathy, and creativity. All of these are undervalued human assets to unlock. You won’t be able to leverage this human capital if you’re stuck in the mud because your technology isn’t current.

MAKE FULL USE OF THE BENEFITS

Construction companies already on the cloud should evaluate if they’re making full use of being on the cloud. There is another benefit of cloud computing. Construction companies should be cashing in on the ability to store tremendous amounts of big data files onto more powerful machines. More can be done with fewer resources. Anywhere there’s an Internet connection you’re good to go. Being on the cloud removes hardware limitations, prevents loss of data, dramatically improves security (if designed correctly), and improves accessibility.

One of the key issues within the industry is the storage of building data throughout the whole life of the building. Data processing is also an important concern for the industry. During construction, a large part of the work takes place on-site where computing resources, up till now, have been non-existent.

The cloud offers data processing power. Drones hover over construction sites and take pictures with detailed GPS coordinates and metadata. Stitching these images into an orthograph requires more processing power than typical computers can muster. Visiting job sites can take hours. Now construction sites can be viewed via a SaaS platform. A design captain or engineer can get a real-time view of the location from anywhere in the world, and on any device. This technology also makes sharing data much easier. There’s a misconception that data becomes less secure on the cloud. It turns out the opposite is true. That is if the new cloud environment has been designed with tight security in mind. If the data is kept at a Level 3 Data Center with round the clock monitoring, cybersecurity is on an entirely different level. It’s in a league of its own. One that isn’t possible for on-prem servers or public clouds.

The post Why Every AEC Firm Needs to Move to the Cloud Now first appeared on IronOrbit.

Data breaches are happening at an alarming rate. In fact, the threat of ransomware attacks has become elevated to crisis levels. While there’s increased awareness, attacks are becoming more sophisticated. A variety of large and small organizations are being attacked. No one is immune. The healthcare industry has been and continues to be, prime targets. And for good reason. Healthcare organizations are considered low-hanging fruit by cybercriminals. Hackers know healthcare centers are notorious for having inefficient security. Most hospitals don’t have procedures in place to restore a network once locked by ransomware. Most applications in Hospitals have little or no network segmentation. There are no firewalls between workloads. Basic security protocols are not in place.

Besides the alarming ransomware statistics, there are some attacks that never get reported. The U.S. Department of Health and Human Services experienced 52 data breaches in October. Last year, hackers stole over 38 million medical records. These sobering statistics have made the healthcare industry take notice. Many healthcare organizations are taking steps to increase cybersecurity. But more can be done. This article will take a look at some of the more recent ransomware cases. We’ll look at some mistakes that were made in dealing with cyberattacks. And we’ll offer ways to improve cybersecurity and protect patient data moving forward.

The consequences of a data breach reach far beyond the breaking news story. There’s more to it than the short news article that appears on your computer screen. A single attack can close down an organization for good. It can happen in a few minutes. The consequences can have long-lasting implications. This is particularly true for the healthcare industry. Sure, the reputation of the healthcare center gets flushed down the toilet, but there’s a real impact on the patients. These incidences are not merely expensive inconveniences. Cyberattacks disrupt the entire eco-system of the institution. It puts people’s health, safety, and lives at risk.

Security breaches will cost healthcare organizations $6,000,000,000 this year.

Often, the healthcare center gets victimized twice. First, there is a ransomware attack. Second, the healthcare system becomes the target of a class-action lawsuit from a community of angry patients and their families.

Consider the New Scientist article about the 2016 attack on the Hollywood Presbyterian Medical Center. It was a Friday afternoon when malware infected the institution’s computers. The attack seized patient data and prevented the staff from further communication. The date was February 5. The same day computer hackers tried to steal 1 billion from the Federal Reserve Bank of New York. It all happened in a matter of seconds. Medical records had to be kept by using pen and paper. They used old fax machines. Patients were sent to other hospitals, operations canceled. The medical center was back on-line after a 2-week standoff. But not until after paying a ransom of 50 bitcoins (the equivalent of $17,000 at the time).

Malware can infect the entire computer system. Someone clicks on a link to a booby-trapped website or opens an attachment in a phishing email. Immediately, malicious malware gets to work encrypting the files. Some malware can immobilize entire IT infrastructures. If data is backed up and you get an attack of malware or something, you can always go back to yesterday’s data.
Healthcare targets often have their backs against the wall during a cyberattack. Because they don’t have their files backed up.

In most cases, a ransom is paid. The hackers deliver the decryption key. And medical centers are able to decrypt the seized files. The Hollywood Presbyterian Medical Center was straight forward. They handled the crisis as best they could. See the above comments about using pen and paper. They negotiated a lower ransom and their data was returned. More recent victims haven’t been so lucky.

Medical malpractice has been part of the healthcare landscape since the 1960s. Now there is an additional risk of medical malpractice during ransomware attacks. If the ransomware attack affects the patient in any way, there will be repercussions.

While only a few healthcare systems have policies around using mobile devices, there is a growing movement to regulate such devices.

Take the cyberattack on LifeBridge Health systems. Seven months after the incident, the Baltimore-based health system faced another problem. A class-action lawsuit was filed against them. The lawsuit claimed negligence on the part of the medical center. It also accused LifeBridge of waiting 2 months before informing the affected patients.

LifeBridge had to respond to the allegations. The organization contracted a national computer forensic team to investigate the attack. Patients were offered credit monitoring and identity protection services.

Clearly there are basic mistakes made that contribute to breaches. Mistakes can allow the infiltration to happen in the first place. Resolving a ransomware situation is stressful. People can do things that t make the situation worse.

Ransomware Recovery Mistakes

Health Management Concepts in Florida was attacked with ransomware. The official report was made on August 23. HMC learned about the incident on July 16. The ransom was paid. The attackers delivered the decryption keys. The hospital IT administration immediately took steps to decrypt the data. To their horror, the HMC staff realized they made the problem worse. They accidentally sent files containing patient information to the hackers.

UnityPoint Healthcare had the misfortune of suffering two security breaches in 2018. The second attack compromised the data of 1.4 million patients. At least, that’s the official tally. A series of phishing emails had been made to look like they were from a top executive within the company. An employee fell for the scam. It gave hackers the opportunity needed to penetrate the entire system.

The protection of healthcare assets is not just a matter of protecting patient information but protecting the patients themselves.

Recognizing the Risk is the First Step Toward Protecting Patient Information

The onslaught of cyberattacks against healthcare is relentless. There are inspiring stories of medical centers fighting back. They’re defending themselves against nefarious cyberattacks. They’re saving lots of money. Increasing their efficiency. And better protecting their patients.

One such story belongs to the Interfaith Medical Center of Brooklyn, New York. It’s a 287-bed non-profit teaching hospital that treats more than 250,000 patients every year. They were able to avoid malware outbreaks. Their proactive approach enabled them to detect and respond immediately to advancing threats. Their strategy involved an assessment of threats and implementation of policies and procedures.

Incident response time is critical. Measure it with a stopwatch, not a calendar. All the segmentation in the world isn’t any good if the door won’t be closed in time. Their program was successful. It identified malware infections long before they had a chance to become a problem. They were even able to identify a malware-infected medical device after it came back from a repair vendor.

The Interfaith Medical Center anticipated a ransomware attack and took steps to prepare for it. In a September 3, 2019, Healthcare IT News article, we learn how Christopher Frenz – the VP of Information Security protected the non-profit’s IT system. “One of the ways I approached this was simulating a mass malware outbreak within the hospital, using a custom-developed script and the EICAR test string. Running the script attempted to copy and execute the EICAR test string on each PC within the organization to simulate the lateral movement of a threat within the hospital. Exercises like these are great because they help an organization identify what security controls are effective, which controls are ineffective or in need of improvement, how well or not the staff response to an incident will be, and if there are any deficiencies in the organization’s incident response plan,” he explained.

Christopher Frenz, VP or Information Security at Interfaith Medical Center, led the charge with his zero trust architecture that protected the network from cyberattacks and saved the healthcare system millions of dollars.

“We have successfully avoided malware outbreaks and are actively detecting and responding to advanced threats, long before they impact privacy or operations.”

Christopher Frenz, Interfaith Medical Center

The article ends with some excellent advice from Frenz. “Healthcare needs to begin to focus on more than just compliance alone, as it is far too easy to achieve a state where an organization meets compliance requirements but is still woefully insecure. Organizations need to put their security to the test. Pick solutions that can empirically be shown to improve their security posture.”

There are basic steps healthcare organizations can take to minimize their risk of ransomware attacks. Learn as much as you can about ransomware attacks. Consider all possible points of entry. Where is your IT system vulnerable? Medical software used for patient data has numerous vulnerabilities. Healthcare cybersecurity statistics by Kaspersky Security Bulletin found easy access to 1500 devices used by healthcare professionals to process patient images such as X-rays.

Improving the cybersecurity of a healthcare organization, whether large or small, has two parts. One part has to do with the design and implementation of the IT system entire (i.e. whether-or-not there’s back-up and disaster recovery features in place). The other part has to do with your human capital.

Malware can be introduced from any number of locations along with your network. Often the attack is designed with multiple points of entry. It could be phishing emails where an employee is tricked into clicking on something that is booby-trapped. It could be a bogus email from what looks like an upper-level executive but is actually from a hacker.

ON-GOING EDUCATION AND REFRESHER COURSES

Healthcare employees should have regular and comprehensive cyber threat education. This enables them to avoid falling into traps that can trigger ransomware. It also serves to establish a strong security culture.

Human beings make mistakes. This is especially true in the busy high-stress environments of hospitals. Or in situations where doctors, nurses, and orderlies work extended 10 to 12-hour shifts. People have to be educated about the risks of cyberattacks and what forms such attacks might take. It’s easy for a rushed employee, at the tail-end of their shift, to unknowingly click a file, download an unauthorized software, or be tricked into loading a contaminated thumb drive. There are basic security processes that should be implemented. These are things like creating strong passwords and changing them at regular intervals. Duel factor protection is also a good idea.

Cybercrooks study the vulnerability of humans. Hackers continually figure out ways to exploit human traits and their gullibility. Through social engineering tactics, cyber attackers design pathways to plant ransomware or get a foothold in an information system.

SECURITY IS NOT ABOUT QUICK FIXES

Take the time to ensure the staff and vendors are mindful of what they’re doing. Review policies and procedures regarding handling patient data. Review how to avoid security incidences. As we have seen, any data breach has legal ramifications. There needs to be a systematic response that is carefully considered and forged into a process. Additionally, partner with the right vendor who can design and provide a holistic security solution that will protect your patients.

The post The Healthcare Ransomware Epidemic: How to Protect Your Patients first appeared on IronOrbit.

Calculating the ROI of your technology investment doesn’t have to be rocket science, but remember what Einstein once said, “Not everything that counts can be counted.”

Looking beyond spreadsheets and calculations means considering how your technology helps you meet your strategic objectives.  Long-term success depends on a proactive agenda of workforce transformation, strategic flexibility, security, and manageability.  Are your technology investments driving productivity for your business? Are they solving challenges or creating more problems? Answers to questions like these are the main reasons why many companies are moving to the cloud.

Forrester released a report in early 2019 that stressed the importance of corporate leaders to gain more fluency in the technology choices made. They need to understand the different performance yields of different innovation efforts. It’s important to be visionary about where the company is headed during the years to come. Know what is at stake should you keep your IT infrastructure on-prem or move it to the cloud. Become focused on how to make business technology a basis of a durable strategic advantage.

While corporate leaders need not be able to use devices, programs, and apps, they should know enough about them to discuss them intelligently with the team.

In a more recent podcast, Forrester gives its top predictions in IoT, AI, and cloud computing.

About half the big enterprise outfits that try to transform their systems fail or stall under the sheer size, and complexity of the process. Certainly, a large part of the problem has its origins in the failure to design a strategic plan that works. Don’t put the cart before the horse. Remember the carpenter’s rule, “measure twice, cut once.” You’ll avoid costly mistakes, both in terms of time and money, if you do research and get as much information as possible before you start spending resources on cloud migration.

ADVICE FROM EXPERTS 

Every organization has its own unique strategic needs. Not all businesses have the same priorities. There is no one-size-fits-all approach to developing a strategy or plan to move to the cloud. Any significant technological transformation requires analyses and consultation with experts in the field. It also helps if these experts know as much as possible about your business goals.

The first step is to become clear-eyed on the business strategy.  Evaluate business objectives and assess how your existing technologies align with meeting those plans. Inevitably gaps will become apparent.

Utilize the insights from the best technology consultants you can find. They’ll be able to recommend available options and optimal routes. In some cases, there may not be an immediately available option that best suits your objective. In those situations, something more innovative and customized to specific needs may be needed. This is exactly why a good advisor is critical to successful cloud migration. A good advisor will be a true IT professional, one who stays abreast of the latest technologies, but also one who has a comprehensive understanding of business operations. Having this kind of resource on hand can mean all the difference between a successful transformation or one that goes off the rails. Failed attempts are costly with absolutely no ROI.

While it’s true that every company is unique and each one has its own set of priorities for future growth and productivity, there are a few technology industry trends that can serve as a guiding light.

THE INCREDIBLE EVER-CHANGING WORKFORCE

This isn’t your grandfather’s workplace environment anymore. It’s not even your father’s workplace environment.  For people to become fully engaged and productive, they need flexibility over the tools they use. The choice of places to work would be nice too. Employees need reliable and secure access to the resources they use and depend on.  Consistency of experience shouldn’t be over-rated either.

Wakefield Research conducted a survey showing the scope of this on-going technological evolution. Not too surprising, the report found that 69% of the employees regularly work remotely. Some 21% of them blend environments by working both in an office and somewhere else, such as at home or a communal workspace (Starbucks anyone?). The survey went on to show that a whopping 80% of the office professionals agree that, within 5 years, businesses will not be competitive without using cloud-based apps. Future-proofing means leveraging cloud servers and taking advantage of new technologies as they become available.

MEETING RISING EXPECTATIONS, PRESSURES, AND DEMANDS FOR INCREASED SECURITY

New business models, competitors, and customer preferences emerge seemingly from nowhere. Turn around for a moment, and there are new things to look at. During this age of acceleration, all of us have to stay on our toes. We have to practically reinvent ourselves from Monday through Friday. Companies of all sizes have to move quickly to capture new opportunities. And if you think it’s intense now, just wait until next year and the year after that. Modern technology and its impact on business is moving at an exponential rate.  I’m getting dizzy just thinking about it.

Even as things are moving at breakneck speed, security demands have never been greater. Security is also more challenging than ever.  Check out our previous blog on cyber attacks and ransomware for some not so gentle reminders of how costly cyber attacks can be. IT transformation has increased the opportunities available to would be hackers. And these hackers have their choice of mobile devices, web apps to IoT. New mandates, like the General Data Protection Regulation (GDPB) have raised the stakes for everyone.

As companies increasingly leverage the cloud to store customer data, SOC 2 compliance is becoming a necessity.

START AT THE BEGINNING

So, let’s start at the beginning of any company’s transformational journey. Ask the question, “Can your current technologies help you meet all the requirements in ways that enable you to move quickly and stay on top of your priorities?”

Wakefield Research shows that 69% of the employees regularly work remotely and 21% of them combine home and office environments.

MOBILE FORCES

MORE PRODUCTIVITY, WITH LESS STRESS AND IN LESS TIME

It’s becoming more common to see employees working from home or both at home and in the office.  Where ever they choose to plow through their day, they need tools that are smart, fast, seamless. They need to work collaboratively. They need to be open robust programs like Revit, or SoftImage, or After Effects, and use them quickly, seamlessly, and without interruption.  Having apps on cloud servers enable distributed teams to collaborate easily across great distances.  Whatever the scenario, the new IT setup needs to empower your people to get more things done, more easily.

KEEP IT SIMPLE

Before making an investment in technology, consider if it adds to the complexity of your workplace or helps reduce it.  Does it help to streamline operations? In other words, does it impose a burden of daily management that diverts attention and resources? Or does it free-up people’s time so that they can focus more on their own work.

SECURITY IS A CHALLENGE

The threat of cyber attacks is greater than ever. A breach of security can be devastating. Finding skilled security professionals has never been more difficult. The more complex the IT environment, the greater the security risk. There are more openings for attacks. Consider public networks, mobile devices, and web apps. There are insider threats, phishing, and so on.

Sometimes it may be worth taking on the additional security risk in exchange for exceptional business value. It’s a trade-off that should be factored into the evaluation of your transformation strategy. Keep in mind, if a technology can make security simpler, more transparent, and more effective, that’s an advantage.

Cryptojacking is the unauthorized use of one’s computing devices. It is accomplished by injecting the system with hidden code that immediately starts benefiting third parties. About two-thirds of companies targeted by ransomware attacks have been infected.

LEVERAGE THE FLEXIBILITY TO IMPROVE STRATEGY

It’s a great period of time to be an IT professional or developer. The hybrid, multi-cloud era has brought tremendous freedom and flexibility to what used to be just a metal box and a lot of colorful cables.  Now, cloud technology enables us to provision resources and demand, scale easily, and support users anywhere. Cloud servers also allow for beefed up security and greater performance. The cloud is where data rules supreme.  It’s not under the rug, in the closet, or filed away on hard drives stored in a drawer. We now have a place, seemingly with no limits, to put all the data we’re accumulating (organizations stockpile data but seldom dispose of it).

On the user side of things, cloud computing has given employees the freedom to choose any device, time, or place to work. These various cloud options mean a consistency of quality user-experience.

The prediction is that 41% of enterprise workload will be run on public cloud platforms by 2020. Another 20% will be private-cloud-based, while 22% will rely on hybrid cloud adoption.

NO TECHNOLOGY EXISTS IN A VACUUM

If one of your investments limits the utility of another, it degrades the value of both. A Good strategic transformational designer will always look at the big picture and assess how everything is connected.

When it comes to remaining profitable while future-proofing a company, not everything is about dollars and cents. Considering the ever-evolving workplace, with all its need for mobile applications, collaboration tools, data crunching, and massive amounts of storage. Keeping our eyes on the big picture is necessary if we’re to evaluate ROI accurately.

The true ROI has to do with information technology that advances key priorities such as productivity, reducing complexity, strengthening security, and ensuring choices are available whenever needed.

The post What is the True Cost & Benefit of Moving to the Cloud first appeared on IronOrbit.