Category: Security

How to Adopt New Technologies
Understand How Technology Can Grow & Protect Your Company Then Take Incremental Steps to Meet Prioritized Objectives.

New technology can benefit companies in all industries. Reading about the possibilities is exciting. Business leaders are eager to get on the bandwagon. Leaders can become impatient when they learn the competition has implemented something like cognitive technologies to solve a problem and gain a significant advantage.

Ultimately, companies recognize that digitizing operations and developing a digital strategy is necessary. The fear is that the longer they wait, the more at risk they put the future of their company. Jumping all in for transformation becomes an irresistible temptation. Too many business leaders want to make fast decisions for fear of missing out. They start the process before they’re ready. Transforming processes before you are ready leads to frustrations and unrealized benefits.

 

Use Managed Services as an Intermediary Step

Part of the challenge for many companies has legacy systems, and they’re not in a position to retire them overnight. Leaders will realize when the next natural progression is to switch to modern applications. Partnering with a forward-leaning technology company like IronOrbit can enable baby steps towards modernizing your operations. This approach affords the time to determine which tools are critical for sustainable growth and which are not.

You build incremental confidence in the technology, while IronOrbit can make recommendations based on your immediate, mid-range, and long-term strategy. And it’s okay if there is no long-term strategy other than fortifying and growing your business. IronOrbit, as your managed service provider, can help supply the missing pieces of the puzzle. You will begin to approach digital more like the business decision it is. An incremental approach enables digitization and adoption of new technologies when it makes sense. Digital and business strategies must align and integrate throughout the organization.

Corporations have silos of group activity. They’ve been that way for over a century. Anything to do with IT would be the purview of a secluded department or an enclave of tech-focused professionals. When you talk about digital transformation or adopting new technologies, you’re talking about a change of one kind or another. Certain company cultures can adapt more quickly than others. Still, change can be complicated. As your Smart Managed Service Provider, IronOrbit helps to simplify the process and make it substantially more manageable.

Begin with the End in Mind

A digital transformation can mean different things to different people. It might mean software to increase operational efficiencies for one, or develop an omnichannel retail strategy for new product offerings for another. Start by clarifying why undertake the transformation and what business opportunities will arise from the changes. The more you know about what challenges you want technology to solve, the easier it will be to build the proper foundation.

In Conclusion

Adopting new technologies should be seen as a marathon and not a sprint. Take the time to understand which technologies perform what kinds of tasks. Identify a prioritized portfolio of projects based on business needs. The close collaboration of in-house technology leaders and C-level executives will become increasingly crucial as acceleration (technology and change) continues. CIOs and CTOs have the expertise to help navigate a straightforward integration of digital and business strategies.

IronOrbit ensures you’ll have a map to successfully evaluate and integrate new technology while balancing the upgrade and management of existing systems.

 

Learn more about how to adopt new technologies for your company here. 
or Call us at (888) 753-5060.
Why CrowdStrike is Essential for Security
Why CrowdStrike is Essential for Security

Cyberthreats to your business are at an all-time high. They are, as President Biden states, “the defining threats of our time.” Is your company prepared to withstand such attacks? According to a recent Gartner article, business leaders need to do more to strengthen their cybersecurity.

 

“There are only two types of companies: Those that have been hacked and those that will be hacked.”

Robert S. Mueller, former Director of the FBI – 2012

 

“There are only two types of companies: Those that have been hacked and those who don’t know they have been hacked.”

accredited to John Chambers, CEO Cisco – 2019

 

Days before Russian tanks began rolling into Ukraine; a significant connectivity outage hit Viasat Inc. (VSAT). The Carlsbad, Calif.-based company is a leading provider of high-speed satellite broadband and secure networking for military and commercial customers worldwide. Viasat modems control thousands of wind European wind turbines. Suddenly, they went offline. The outage hobbled the Ukrainian military as generals began preparing for the Russian invasion. Reuters later reported the blackout to be sabotage.

Although most well-organized ransomware gangs are in Eastern European countries, state-sponsored hacking groups are from China and North Korea. They use sophisticated tools to embed malware deep inside the most extensive networks. In many cases, malicious code can go undetected for months, infecting millions of computers.

On January 15, 2022, members of one of the main ransomware gangs, Our Evil Group, were arrested in Russia. The Putin regime has recruited them to become a state-controlled group of hackers. About a month later, we began to see a resurgence of attacks. And that’s only the attacks we read about in the headlines. For every ransomware attack you hear about, there are three others that go unreported.

 

Hackers used a software supply chain attack to insert malicious code into the company’s Orion system. A supply chain attack works by targeting a third party with access to an organization’s systems rather than hacking the networks directly.
The Software Supply Chain Attack

SolarWinds is a company that supplies its software to over 14,000 companies. Russian military intelligence inserted a form of malware that served as a sophisticated backdoor to these companies. It’s a certainty that some of these backdoors have been successfully embedded without US companies knowing about it. Corporations probably can’t determine conclusively whether-or-not a backdoor has been installed.

In the case of the SolarWinds Corporation, one of their customers, a cybersecurity company called Fire Eye, discovered the malware by chance. They had received the software and, months later, somebody noticed a questionable anomaly. SolarWinds is not a unique situation. There are sure to be other corporations that have been infiltrated.

Escalation of Ransomware Attacks

Recently, the President sent warnings to the citizens and businesses across the country and urged everyone to take steps immediately. Key targets include private companies and any organizations that could apply pressure to the national economy and the government, including critical infrastructures.

When it comes to ransomware attacks, no sectors are off-limits. Hackers are going to go after everything that they can. Last year, we saw how no company, large or small, was immune to attack. For example, there were ransomware attacks on the following:

  • Small Family-Run Fishing Business 
  • Ferry company on Martha’s Vineyard
  • Casino Hacked through a Fish-Tank Thermometer
  • Large meatpacking company 
  • The Colonial Pipeline

 

Raleigh, NC United States- 05-12-2021: A red plastic bag covers an empty pump at a gas station in Raleigh, NC, after a devastating cyberattack on the Colonial Pipeline disrupts fuel supplies on the East Coast.

 

Nicole Perlroth assembles her decade of experience as the world’s leading journalist on cybersecurity and digital espionage in an in-depth history of cyberwarfare entitled THIS IS HOW THEY TELL ME THE WORLD ENDS. In it, she warns of the rising stakes for all of us.

The Colonial pipeline was devastated in May 2021 by cyber terrorists. Attackers distributed malware through email then demanded a ransom to restore services. The 5,500-mile pipeline transports 100 million barrels of gasoline and other fuel products per day to the eastern United States. According to a report from Reuters, gasoline futures spiked 3% and have remained above trend since that time.

Two months later, Jennifer Granholm, the Energy Secretary, said that bad actors gained the ability to shut down the U.S. power grid. Hackers embedding themselves in the nation’s electrical grid displayed tremendous sophistication that analysts hadn’t seen before. Whoever was behind the cyber-attacks on our country’s infrastructure was succeeding at an alarming rate. Who did the government call in to investigate? CrowdStrike. Why? Because CrowdStrike has been investigating high-profile cyberattacks since 2011. Investigators at CrowdStrike have even unspooled more recent attacks where the code dates back to 2010. So, CrowdStrike has been on the frontlines of cybersecurity since their beginnings.

What Can Be Done?

There are basic preventative steps that everyone must apply regularly. For example, don’t respond to SMS text messages from unknown origins. Don’t open links from emails of anonymous sources. Make that a personal policy and individuals will effectively eliminate most threats. Companies, on the other hand, are different. They need comprehensive and robust security protocols that are more sophisticated than the attacks.

Companies must realize that antiquated technologies like antivirus and firewalls are weak defenses against modern, sophisticated cyberattacks. Businesses must modernize their cybersecurity by using the new technologies mentioned by President Biden in his message to the nation. Businesses must use security measures like EDR and XDR to protect against modern ransomware groups.

EDR stands for Endpoint Detection and Response. It’s an integrated endpoint security measure that combines real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities. In the case of CrowdStrike’s EDR, the security technology combines a high degree of automation with machine learning to enable security teams to identify and respond to threats immediately. The next-generation endpoint protection leverages CrowdStrike’s state-of-the-art file and behavioral-based proprietary machine learning and Indicator-of-attack methodology. This is particularly effective at stopping new, polymorphic or obfuscated malware, which is often missed by legacy antivirus solutions.

An essential ingredient of “next-generation” is reducing overhead, friction, and cost in protecting your environment.

You don’t need a large staff to maintain the CrowdStrike environment. Everything is cloud-based, so there’s no equipment to maintain, manage or update. The Falcon sensor is unobtrusive, and updates are seamless, requiring no re-boots. The web-based management console provides an intuitive and informative view of your company’s complete environment.

XDR is Extended Detection and Response and is the evolution of having EDR as a pre-requisite technology. CrowdStrike’s Falcon XDR uses artificial intelligence to improve threat visibility by making sense of structured and unstructured data at lightning speeds. Falcon XDR rapidly and efficiently hunts and eliminates threats across multiple security domains. What separates Falcon XDR from all others is its ability to isolate and identify relevant telemetry from systems and applications across an organization’s entire IT security ecosystem. Falcon XDR delivers proactive, automated responses to threats across the security stack.

 

CrowdStrike® Falcon® Complete™ is a hands-off and worry-free managed detection and response (MDR) solution. The comprehensive security platform is unique. In addition to endpoint security, cloud workload, and identity protection, it provides the process and technology required to handle all aspects of onboarding and configuration to maintenance, monitoring, incident handling, and remediation.

CrowdStrike’s Falcon Complete protects an organization against someone clicking on a link they shouldn’t have. The technology sees the behavior, and as executable files begin unzipping, Falcon Complete begins monitoring for questionable activity. As soon as malicious activity, Falcon Complete isolates it.

Why CrowdStrike?

CrowdStrike has been leading the charge against cyberthreats since 2011 when it was founded. The security firm uses cloud-based software that collects threat data across all connected devices. Artificial intelligence analyzes the information and seamlessly updates all endpoints.

The fast-growing Austin, Texas-based company provides cybersecurity to 15 of the 20 largest banks and 77 Fortune 100 companies. Private sector clients are apprehensive about the escalation of cyberthreats against Americans amid Putin’s invasion of Ukraine. Severe ransomware attacks are likely to increase as sanctions on Russia become more effective.

CrowdStrike has a long history of working with the federal government state, and national oil and energy firms to investigate cyberattacks and shore up defenses. Much of their innovations in security came from listening and working with clients to help solve the most challenging cybersecurity problems. Years of forensic analysis, fine-tuning, and adjusting to meet threats as they emerge have made CrowdStrike the pioneer of cloud-delivered endpoint protection.

CrowdStrike Falcon has revolutionized endpoint security by being the first and only solution to unify next-generation antivirus, endpoint detection and response (EDR), and a 24/7 threat hunting service. Millions of sensors across 176 countries collect and analyze more than 30 billion endpoint events per day. All of them use some form of machine learning and automation. These powerful capabilities are possible through a unique combination of prevention technologies. They include indicators of Attack (IOA), exploit blocking, real-time visibility, and around-the-clock managed hunting to discover and track the stealthiest attackers before they do damage.

The country cannot defend against cyberattacks alone, nor can your organization. Companies need the vigilance of every employee and every contractor. Business leaders must “accelerate efforts to lock their digital doors.” Using CrowdStrike is an effective way to secure all entries to your company’s infrastructure.

IronOrbit knows the importance of having resilient cybersecurity. That is why we protect our virtual desktops, INFINITY Workspaces, with CrowdStrike’s highest level of AI-enabled security technology augmented by live monitoring by a team of CrowdStrike’s team of security experts. Imagine having multiple full-time expert incident responders conducting day-to-day monitoring of alerts.

CrowdStrike® Falcon® Complete™ is a 100 percent hands-off and worry-free managed detection and response (MDR) solution uniquely provides the people, process, and technology required to handle all aspects of endpoint, cloud workload, and identity security, from onboarding and configuration to maintenance.

 

Learn more about how to protect your company here. 

or Call us at (888) 753-5060.

Desktop-as-a-Service
The Six Key Benefits of Using Desktop-as-a-Service (DaaS)

Back when most of the IT experts of today began in the industry, the only infrastructure that was readily available and dependable was on-site servers and networks that were bulky, expensive, and time-consuming to manage and maintain. The last ten years have witnessed tremendous advancements in information technology. Now, IT engineers can design, develop, and implement a company’s entire IT infrastructure within a cloud environment in a fraction of the time it used to take. This good news isn’t just for the IT experts, but for the everyday business owners as well!

Because cloud infrastructure is readily available, you can take advantage of high-powered cloud computing through Desktop-as-a-Service (DaaS). Although DaaS may sound complicated, it’s not. You can use any internet-connected device to access your operating system, applications, business data, and even your desktop settings.

What does that mean for your business? It means anywhere, anytime secure access to your company’s workflow. But that’s just the beginning of the high-impact benefits for forward-leaning companies that choose to leverage the power of Desktop as a Service.

1
Eliminates Grunt Work

Using a DaaS saves your IT department from having to do mundane grunt work such as application licensing, patching, and troubleshooting.

Outside of the fact that DaaS lowers your IT management cost by shifting that responsibility to the cloud provider is the fact that your organization has to spend less effort on maintaining your IT assets. Even companies that have outsourced their IT maintenance to a 3rd party still have a measure of IT housekeeping that they must do internally. DaaS makes IT maintenance and management hands-free for your staff – allowing them to be more effective and efficient in the tasks they were hired to do.

If you’re tired of employees complaining about their computers – or about the IT support – if you’re sick of doing endless updates, upgrades, patches – all to avoid the blue screen of death – DaaS is where you want to be. Most cloud providers offering DaaS have proven their ability to maintain their promise of 99.99% reliable uptime. That’s good news for your workflow and for your ability to focus on your work – not IT issues.

2
Data Redundancy

DaaS puts your company’s workflow in your hands instead of at the mercy of IT roadblocks, ransomware, or a natural disaster like hurricanes, fires, and tornados.

You don’t have to worry about a local network crashing – because there is none. It’s all in the cloud. You don’t have to think about losing data if your laptop dies – because your actual “computer” is virtual and all your data is stored in the cloud. Instead of having an operational IT system and a Business Continuity strategy backup system, you’re using your Business Continuity system every day in the cloud.

Since your data is stored at a secure facility offsite; or, in the case of IronOrbit, stored at multiple data centers, it is protected against onsite server failure or natural disasters. Having redundant backups provides a safety net. If a natural disaster impacts data center one, data center two kicks in automatically.

3
Increased Security

IT support teams in businesses take reasonable precautions to guard against cybercrime. These security measures cannot compete with the security technologies employed by cloud providers delivering DaaS options for businesses.

Critically DaaS shifts the security burden away from the individual device and places it within a data center infrastructure designed for the highest levels of protection. To put it simply, it would be cost-prohibitive for a small to mid-size business to hire even one IT security professional to protect their in-house systems to the level of a Tiered private cloud hosting partner.

Data is no longer vulnerable on a local device but held – and regularly backed up – in a secure hosted environment; it is also encrypted and can be made accessible only through multi-factor authentication protocols. The addition of a designated managed service provider also has its advantages. Systems are monitored 24/7. For example, a managed service provider can prevent someone from stealing data using a USB. That’s why enterprise-class organizations, the military, and the government are overwhelmingly looking to cloud providers to host their workflow. The security is there.

 

Companies need the speed and agility embodied by Muhammad Ali.
Muhammad Ali’s combination of his heavyweight body, speed, and reflexes was revolutionary and made his boxing style artistic. Ali said he needs to, “Float like a butterfly and sting like a bee.” In order to be resilient, companies need to do the same thing.
4
Enhanced Flexibility, Agility, & Mobility

We’ve already noted that cloud infrastructure along with new virtual desktops for your staff can be deployed in record time in comparison to traditional on-site IT setups. But that’s just a baseline. Consider the fluctuations of the marketplace over the past few years. The companies that survived and thrived were the ones most able to, in the words of Mohammad Ali, “Float like a butterfly and sting like a bee.” Companies need a high level of agility combined with decisive leadership that can act quickly. DaaS allows you to scale up or down easily, add or reduce capacity, and change directions on the fly if needed.

Once you’ve moved your IT system to a DaaS, mobility becomes much easier. Modern companies are flexible enough to have their employees work from anywhere and on any device of their choosing. To thrive in the new cloud ecosystem, companies will need every tool available to be resilient. Teams will have to expand and contract at a moment’s notice, and they will need to respond quickly to opportunities the moment they appear. DaaS is a building block that makes all of that possible.

Being agile and flexible enables organizations to pivot if need be to remain resilient. Mauro F. Guillen writes, in a recent HBR article, that “successful companies often pivot to a business model that’s conducive to short-term survival, and long-term resilience and growth. Pivoting is a lateral move that creates enough value for the customer and the firm to share.”

The focus is now on productivity, elasticity, and value to the customer. These are the main characteristics that will drive the proliferation of DaaS in business.

 

5
Reduces Upfront Costs

DaaS reduces enormous upfront costs. Imagine all the hardware you’d have to invest in just to get started. In-house IT infrastructure and computers have to be purchased and implemented with the next 3-5 years of business operations in mind. Recent events have shown that it is impossible to predict the next year much less project 3 to 5 years out.

Even during times of stability, it is often a challenge to budget for hardware replacement. CFOs have to also account for the depreciation of capital expenditures. From the moment you open the box on a new computer, the value depreciates. With many companies still in recovery mode, many are having to delay refreshes altogether, even at the risk of struggling with outdated technology.

DaaS provides the luxury of keeping IT aligned with workflows no matter how dynamic and volatile they may become.
Since DaaS is subscription-based, you’re renting equipment. This subscription-based model moves expenditures from a capital expenditure (CapEX) to an operational expenditure (OpEx). You’re only going to pay for what you use; therefore, if you use a lot, you’re going to pay more. Correspondingly, if you don’t use very much, you pay a minimum amount. This is a CFO’s dream come true because it streamlines operations in ways that lower overall operational costs.

CFOs love DaaS and other cloud-based solutions because of the budget predictability provided by packaged solutions but the fact that they can move CAPEX expenses into the OPEX column. This provides a range of financial and tax efficiencies. #1 in those efficiencies is that your company doesn’t have to pay a large amount of money for in-house servers and networks to be installed. And when your business grows, you don’t have to factor bigger, better servers (with bigger and better prices) into your budgets. Moving IT expenditures from CAPEX to OPEX gives you the flexibility to utilize your cash reserves for other, pro-growth initiatives. Having a fixed and predictable monthly fee certainly makes budgetary planning and forecasting much easier than the break and fix nature of on-premise servers or even in-house VPNs.

 

6
Energy Conservation Helps the Environment

You’re only one company, but you want to do your part for the environment – and you want your consumers to SEE you doing your part for the environment. Because DaaS allows you to use your devices for longer and to partner with eco-conscious cloud platforms, you can do your part for the planet without it costing you more to do so.

A study conducted by the Carbon Disclosure Project found companies that utilized cloud computing saved a total of $1.3 billion annually and reduced carbon emissions by an equivalent of 200 barrels of oil.

Just imagine the hardware and electrical power needs of even a small-size company. An organization saves tremendous amounts of energy by moving its IT system to a DaaS environment because no onsite servers are gobbling up massive amounts of electrical power. More employees working from home means fewer carbon emissions from vehicles traveling to and from work every day. When you start to consider the number of companies and the number of employees involved, the amount of carbon emissions is significant.

As our lives, work, and thinking turn increasingly towards protecting the climate, conserving energy by leveraging shared data centers will become more attractive and competitive. As this move to remote data centers matures, operators will begin to assess “greener” options for on-site power generation. Data centers are an excellent opportunity to integrate on-site energy generation facilities such as hydrogen applications, solar panels, or a combination of heat and power solutions (CHPs).

 

Marc Garner, VP, Schneider Electric
Marc Garner, VP of Schneider Electric’s Secure Power Division.

Marc Garner, VP of Schneider Electric’s Secure Power Division.The Vice President of Schneider Electric’s Secure Power Division, Marc Garner wrote in Data Center Dynamics, “Technology has become a key enabler for both businesses and consumers alike, and throughout 2020, dependency on digital infrastructure has increased dramatically. In fact by 2035, Schneider Electric estimates that all IT will consume 8.5 percent of global electricity – compared to 5 percent in 2021 – and data centers are expected to take up a large share of this demand. Many of today’s data center operators, from hyperscalers to cloud and colocation service providers, have already led the market by example, and publicly declared ambitious commitments towards Net Zero, adopting more sustainable approaches to digital business.

Microsoft, for example, has started transitioning to using renewable wind energy – a trend that will likely only continue to increase as awareness and demands for renewables from end-users and governments surge.”

 

 

 

 

Conclusion

Your business is moving into the future, whether your IT systems are ready for it or not. Using virtual desktops in a DaaS environment ensures you’re always working on the latest version of your operating system and applications. That in and of itself is a compelling reason to move to DaaS,

but that’s only the beginning. Consider that DaaS also gives you a built-in business continuity system. Because your data and workflow are securely housed in the cloud, you never have to worry about how much time, money, and lost opportunities you’d sacrifice if your company’s on-site server goes down.

As Gartner describes in a recent report, technologies utilized by organizations are increasingly conceptualized and implemented outside of the traditional outsourced IT department. Gartner found that the total business-led IT spend averaged around 36% of the total formal IT budget. Business leaders rightfully see digital transformation as an organization-wide discussion, and no longer the sole purview of the IT department.

This article categorized 6 key benefits for companies moving to DaaS. Depending on what priorities are driving your organization at the moment, you may be drawn to one specific DaaS advantage or another. Think about both short and long-term goals in your choice. You might consider DaaS to make hardware refresh more affordable in the short term but also reap the cost and business benefits delivered by DaaS as it has a deeper impact on the continued growth and success of your business long term.

 

 

Balancing with Dominos
Cybersecurity as a Cost of Doing Business

 

Cybersecurity is turning out to be a top priority for organizations in every sphere. The reason being that cybercrime is costing businesses around the globe billions of dollars each year. 

According to IBM, the average cost of a data breach is $4.24million as of 2021, up from $3.86million in 2020. With cyberattack stories becoming a common feature of news headlines globally, companies cannot ignore the risks they face and whether they’re doing enough to protect themselves.

Why? Cyber gangs have evolved. They aren’t only interested in the so-called ‘big corporations.’ Small businesses are also falling on the receiving end of cyber-attacks, not because the cybercriminals are interested in compensation, but because small businesses hold data that can lead to a bigger catch.

Any way you look at it, your business, big, small, new, or old, possesses something that may aid cybercriminals in their course—the more reason why cybersecurity is critical in every business.

For many companies, embracing some form of cybersecurity is preparing or dealing with a growing concern of sophisticated cyber-crime.

This post will guide you through the right approach to adopt cybersecurity as a cost of running your business.

Conducting Threat Assessment

Your cybersecurity cost should be based on the level and types of threats you are exposed to, face or project.

As organizations give their teams the liberty to work remotely, organizations are more vulnerable than before. As such, it’s as important as ever to conduct a comprehensive threat analysis for your organization— following best practice guidelines—and decide on a cybersecurity budget.

Threat assessment also helps to validate your cybersecurity budget over time as threats evolve.

Educating and Training Users

Innovative business leaders understand the importance of constant cybersecurity and insider threats education. While your team members may not intentionally act maliciously, research shows that they’re the weak link to exposing company data to risk.

Aside from your core cybersecurity talent pool, your entire team must be well-educated on cybersecurity’s significance and best practices.

This calls for organizational investment in employee’s career and skills development if they want to maintain a high level of security.

Organize workshops, seminars, etc., to train everyone through simulated exercises, so they develop skepticism plus the ability to spot threats and readily report any suspicious activity.

Well-trained employees are essential to the success of any cybersecurity strategy.

Preparing for Incident Response

Prevention and remediation measures are two different expenses that most organizations get mixed up. Enterprises need to acknowledge that these are distinct departments that work together to get threats out the door.

However, spending generously on prevention and forgetting incident response can wreck your remediation journey when calamity strikes.

To be safe, organizations must also set aside risk tolerance funds for remediation processes based on the assessment of expected incidents.

Upgrading and Replacing your Infrastructure 

Today’s technology is fast-paced, ever-evolving, and driven by innovation. As a result, software, tools, and hardware possess a short life cycle often sustained by ongoing updates, releases, and upgrades.

Over time, such technology becomes unsupported and outdated, putting your organization at risk of cyber-attacks.

This is to say that enterprises must regularly check and replace obsolete systems or face security risks due to human negligence, malice, or system failure.

Security-as-a-Service 

Security-as-a-Service is a worthwhile undertaking that can keep your organization ahead of security threats. Even with in-house experts, it’s not uncommon to see large organizations outsource or rely on third parties on SaaS.

Consultants bring innovative ideas and deep industry knowledge to help test and secure your business. They help identify gaps and formulate, cocreate or improve security practices and processes.

Also, due to the complexity of cybersecurity, it becomes wise to use outside help and let your team focus on core business operations.

Outsourcing helps organizations leverage large pools of minds while limiting overhead costs, reducing risks, and getting access to proprietary security technologies such as DaaS, app and server hosting, disaster recovery and backup plans, and more.

Preparing for the Worst

An organization always needs to understand that risk assessment is critical regardless of how strong its defenses are. Risks change every minute, which requires your organization to adapt, adjust and prepare for new threats.

This means that your cyber security budget needs regular review and will most likely increase. Realistically, you can’t base your current cybersecurity budget on last year’s threats.

Cyber Insurance

Could you afford to pay out fines and restore normalcy if your businesses suffered a devastating cyber-attack? If not, cybersecurity insurance is worth your consideration.

Cyber insurance helps mitigate expensive losses while mitigating for your business the negative impact of data breaches, downtime, infrastructure damage depending on coverage. Notably, cybersecurity insurance should be a backup to a solid cybersecurity strategy.

Don’t wait until calamity strikes to put thought into protecting your organization.

With a rising number of cyber-attacks and an ever-widening regulatory landscape demanding stricter data protection requirements, organizations need to integrate cybersecurity in their operating costs to mitigate the risk of threats.

With these tips and a reliable security partner, you’ll be well on your way to protecting your business from threats.

 

To learn more about how you can protect your company from cyber-attack, please call

888-753-5060

Business Owner UPDATE

CLOUD TECHNOLOGY SOLUTIONS

For Business Owners

We Help You Stay Ahead of the Competition.

Focus on Your Business, Not IT Headaches.

We Can Simplify Everything for You.

Our INFINITY Workspaces solution provide busy business owners like yourself the freedom and flexibility you need. A complete ICT solution for all of your users. Whether remote or in-house, we handle everything for you. Allowing you the freedom to focus on more important things, like running your business.



Wonder What It’s Like to Work With IronOrbit? (Our Process)

Consulting

We listen to what our clients want to do with their IT systems, taking their organizational objectives and timetables into account.

Design

We formulate a solution that addresses our client’s concerns with their current IT environment but that also enables them to pursue their next-stage goals.

Implementation

We bring the required IT solutions online while being careful not to interrupt the client’s daily workflow.

Continuous, Caring Support

We pride ourselves on speedy response times and maintaining a high touch with our customers (24/7 US-based support).





Everything You Need to Get Your Business up & Running With the All-in-One ICT Solution

For a Fixed-Monthly fee, IronOrbit provides a turnkey solution that leverages the power of the cloud for the assets that matter most.

Microsoft 365 support, 24/7 IT support, Cloud Workspaces for ALL of your users. Fast, secure, backed up and future-proof.

Your digital transformation.

  • Blazing-Fast, All-Flash/SSD Hosting; Launch In 1 Second
  • Email Encryption, 2FA & MDM Add-Ons Available
  • UNLIMITED CPU, RAM & Microsoft Software Upgrades
  • 24/7/365 All-Inclusive Support (W/ Engineering)
  • Highly-Secure, HIPAA, PCI DSS, & SOC 2 Compliant
  • 99.999% Uptime Guarantee




We Know There Are Business Dangers Out There

Being Non-Compliant Can Damage Your Reputation

Don't leave your IT infrastructure to a single person. Rely on our team who is dedicated to protecting your business from threats.

Lost Productivity Is Wasted Money

If your system goes down for 1 second, you're losing money. Being with IronOrbit enables 99.999% uptime!

Transparent

Pricing

Get away from wasting money on constant hardware upgrades. We extend the life of all your current hardware thanks to our SMX Technology!



heavy

We Assist Business Owners

CLIENT STORY

G&C Corporation

“It was crazy! We had servers all over the place. Different applications everywhere, it was chaos. We chose IronOrbit because they could streamline the operations. They would be on call for us and be there in the event of emergencies. So it was time to move forward.”

Gene Hale – President – G&C Corporation

CLIENT STORY

K-Co Products

David Kurrasch, the CEO and founder of K-Co Products, shares the one thing he did to free up more time so that he could focus on growing his business. K-Co distributes innovative products like the popular Monkey Hook and the Little Big Shot.

CLIENT STORY

Cal Fasteners

“A lot of times I'll be at home and think, 'Man, I forgot to take care of this’. With IronOrbit I can walk into any room at home, open my laptop, and I'm suddenly at work. I can take care of whatever it is and not have to worry about it anymore. I can be anywhere in the world and be at my desk. I don't have to back-up anything because it's already backed up.”

Joe Truckey – Owner – Cal Fasteners

joe truckey ironorbit testimonial with play button

What Are IronOrbit

INFINITY Workspaces?

Now, more than ever, business owners need easily accessible and dynamic computing, communications, and collaboration capabilities. Put simply, IronOrbit INFINITY Workspaces (hosted desktops), are your computers in the cloud. And they are optimized for what business owners need to accomplish.

Your applications, your files, your operating system – even your personal desktop shortcuts and settings – it’s all there for you. INFINITY Workspaces are faster and more powerful than your laptop or desktop computers and can be accessed securely via any internet-connected device.

Your All-in-One ICT Solution.

Technology &

Cloud Innovations

Check out our blog for the latest in the cloud and

bleeding-edge technology and innovations.

Contact us to get started

Schedule a consultation by filling the contact form below or call us at

(888) 753-5060

!function(){function t(t){this.element=t,this.animationId,this.start=null,this.init()}if(!window.requestAnimationFrame){var i=null;window.requestAnimationFrame=function(t,n){var e=(new Date).getTime();i||(i=e);var a=Math.max(0,16-(e-i)),o=window.setTimeout(function(){t(e+a)},a);return i=e+a,o}}t.prototype.init=function(){var t=this;this.animationId=window.requestAnimationFrame(t.triggerAnimation.bind(t))},t.prototype.reset=function(){var t=this;window.cancelAnimationFrame(t.animationId)},t.prototype.triggerAnimation=function(t){var i=this;this.start||(this.start=t);var n=t-this.start;504>n||(this.start=this.start+504),this.element.setAttribute(“transform”,”rotate(“+Math.min(n/1.4,360)+” 12 12)”);if(document.documentElement.contains(this.element))window.requestAnimationFrame(i.triggerAnimation.bind(i))};var n=document.getElementsByClassName(“nc-loop_circle-02-24”),e=[];if(n)for(var a=0;n.length>a;a++)!function(i){e.push(new t(n[i]))}(a);document.addEventListener(“visibilitychange”,function(){“hidden”==document.visibilityState?e.forEach(function(t){t.reset()}):e.forEach(function(t){t.init()})})}();

Virtual Cybersecurity professional
Virtual Cybersecurity Professionals Needed More Than Ever

Data Breaches taught companies hard lessons in 2019. Even back then, Forrester’s VP and group director of security and risk research, Stephanie Balaouras warned that all companies need a chief information security officer.

In a February 24, 2020 MIT Technology Review Business Lab episode, Balaouras makes the case that the world of cyberthreats is becoming more intricate and perilous. Cybersecurity isn’t just stopping the threats you see, but also the ones you can’t see. “Even companies that have a Chief Information Security Officer (CISO) should take a hard look at how high in the organization they report,” Balaouras says. “Do they have the right budget? Do they have enough staff?  Have you given them the right span of control?”

Thanks to technology we are able to carry our office with us, reach out and talk to anyone at anytime, and all at incredible speed.  The mobile devices that make our lives so much easier, also increase the attack surface for cyber criminals. Few corporate functions have had to pivot so quickly or dramatically as cybersecurity operations. CISOs have had to take steps to minimize network threats targeting the legions of work-from-home employees.

According to a McKinsey article by Venky Anant, Jeffrey Caso, and Andreas Schwarz, “The response to the crisis continues to press department budgets and limit resources for other, less essential functions.”

Many companies are freezing their hiring because of the pandemic. Unfortunately, now is a risky, uncertain time to add full-time equivalent (FTE) employees. But companies, most of which don’t have the expertise in-house, need to hire a professional to lead their cybersecurity initiatives. What’s the solution?

VIRTUAL IS THE KEY WORD FOR 2020 & BEYOND

Virtual Cybersecurity Professionals (VSCP). VSCPs are the latest trend in cybersecurity hiring, bringing additional cybersecurity talent at a fraction of the cost, without requiring office-space, benefits, or training. VSCP don’t require on-boarding, and they can hit the ground running.

BUILD SECURITY ON A SOUND FOUNDATION

They are accustomed to handling a wide range of responsibilities geared towards protecting online data from being compromised. Sure, they safeguard organization’s files, networks, install firewalls, and monitor activity, but they should also create security plans that involve all employees of the company. As mentioned in one of our brief articles on phishing attacks, the best technology in the world isn’t going to protect a company’s data if the employees are not educated on the best practices of handling emails. Having mature fundamental processes in place are vital.

VSCP are not traditional employees that require significant investment. Nor are they consultants who are foreign and not part of your team. They are somewhere in between. As such, they tend to have greater access to C level executives. VSCP can be procured by days – you can hire a VSCP for Monday and Tuesday each week, for example – or for a certain number of hours each week. VSCPs typically work remotely, but schedule time on-site at least quarterly, or more often, as your budget and needs require.

In a Forbes article, Jon Younger explains that when a company “lacks the means to hire full time staff,” they can pull together essential skills and keep the business moving forward by combining full-time and freelance professionals together as a flexible, blended workforce. And increasingly, talent marketplaces are able to organize entire engineering or development teams on a “bolt-on” or plug and play basis.

There are downsides to VSCPs. Like all cybersecurity talent, the professionals are in high demand. There is an overall shortage in cybersecurity professionals. A recent Gartner report showed a 65% increase in demand for cybersecurity professionals and an estimated 3.5 million vacancy on the cybersecurity job market. Although they are easier to find than top-quality employees, it still can be difficult to find a quality VSCP. When you find a good VSCP, it’s important to retain them before their schedules become full. And like an employee, personality and team chemistry are important. Although they are remote, it is important that your security consultant fit your organization’s culture and gets along well with the team.

VSCPs are not an entirely new concept. Companies have been hiring Chief Information Security Officers (CISO) for years. Quality CISOs are difficult to find and expensive. A Virtual CISO (vCISO) is an outsourced security practitioner or provider who offers their time and insight to an organization on an ongoing basis, usually part-time. Working remotely, they are usually engaged to design an organization’s security strategy, and some may handle the implementation as well.  vCISOs are less expensive than staff Chief Information Security Officers and with a quick time-to-value.

IN CONCLUSION

The pandemic seems to be expanding this need to a wider range of security tasks. Staff are separated, budgets are tight, but viruses don’t respect deadlines. Projects still need to be completed despite today’s difficult environment. As another Forbes article points out, “Times are challenging, and it’s time to get creative. Organizations must find a way to respond to modern cyber-threats without stretching their financial resources. The vast majority of security budgets are spent on managed services, and that includes consultancy. Because internal security teams need external help, there is a move away from on-premises products towards services.

A virtual chief information security officer (vCISO) could deliver the most bang for your buck.

Here’s why:

Vast Experience and Proven Leadership
No Training Needed
Reduced Overhead
Flexibility
Faster On-boarding

The VSCP concept was reserved mostly for vCISOs, but times have changed and the concept is ready to be deployed for various types of roles.

This might take the shape of a Cybersecurity Compliance Director who ensures the company is aligned with NIST 800-53, FedRAMP, or HITRUST, or prepared for the 2020 CMMC audits. It might be a Privacy Officer who ensures the company is abiding by GDPR, CCPA, or new the privacy laws of Texas or Nevada, ensuring that the company can keep doing business in those states.

Taking a proactive stance on your company’s cybersecurity could mean setting up an incident response program, a SOC or a SIEM, or a disaster plan. Or maybe hire a penetration tester, AI/ML expert, or cryptographer.

The possibilities are numerous, but even if you could hire all the people you could want, you wouldn’t be able to keep up with the vast scale of the cybersecurity threat problem. Phishing scams are on the rise. Smaller companies are being targeted just as much as larger companies because they are known to lack the resources; so, they’re easier to hack. Cybercriminals are sophisticated and they stay informed. They constantly adapt messages to more effectively scam victims. The FTC estimates $100 million dollars in coronavirus stimulus checks have already been lost to fraudulent cyber crimes. The constant threat of cyberattacks presents a huge problem for all industries and guarding against it effectively requires constant attention. That is why IronOrbit has its own division that handles nothing but security and regulatory compliance.

During these difficult times, companies need to ensure they have SOC processes in place, utilize virtual cybersecurity professionals, and incorporate automated security measures. Probably in that order. Whatever you do, as they say at the end of MIT’s Business Lab podcast, get outside help. You don’t want to go it alone. With IronOrbit, you don’t have to. Learn more about how we can protect your company. Check out our Security and Compliance section and then  give us a call at (888) 753-5060.

Cybersecurity Recommendations for Companies During Pandemics

“This changes everything.” We’ve heard this many times before. Also, “This time, it’s different.”

Usually, it’s not different. Things feel different for a little while, and then things return to normal.

This time, I think, truly is different. The COVID-19 pandemic has forced most businesses to close their doors. Conferences, concerts, and sporting events have been cancelled. And companies have their employees working from home. More employees now work from home than ever before.

“When a crisis like the new coronavirus temporarily forces companies into remote work, it tends to show them that it can be done successfully,” says Kate Lister, president of Global Workplace Analytics and cited in the Chicago Tribune.

Remote work probably is here to stay. For that reason, honing your remote work policy is my number one recommendation during the pandemic. I also recommend working on and practicing your disaster and contingency planning policies, storing sensitive data centrally, and encrypting sensitive information.

 

A little background on me: I’m a former CIA officer, so I know a thing or two about traveling and working remotely. Almost 15 years ago, I started working “remotely” under minimal supervision. My work was representing the US Government in meetings with other governments. These were countries most people have never heard of.

When I left the Agency, I found myself consulting and working remotely for companies throughout the US and throughout the world. My clients extended as far away as Poland and Ukraine. I never met my clients Poland face to face. The business was entirely remote.

I co-founded a company. My partners and investors were based in Boston. I worked, you guessed it, from home. My responsibilities necessitated travel. I had to spend some personal time with my team in Boston. I spent about one week each month onsite.

The amount of time needed on-site could vary. While my startup required a good deal of me being onsite, many consulting projects were done remotely. I’d say most any job can be accomplished remotely.

There has been significant discomfort in the past about remote work. I have experienced this first hand. As I rose through the ranks at the CIA, people wanted me for increasingly senior positions. My working from home became more of a problem for my supervisors. Companies might be comfortable with a developer or designer telecommuting. They are definitely not comfortable when it comes to a job that involves managing a team. Last January, I had discussions with companies who loved my skills and experience. They wanted what I had to offer. But the distance and telecommuting was a deal-breaker. So they backed out because they were uncomfortable.

Technology has made Location Irrelevant

Before the coronavirus, management and HR policies were stuck with the old ways of doing things.

The need for physical distancing has forced us to work from home. Many business leaders, managers, and even employees were uncomfortable with the concept. Most will find remote work isn’t bad or scary. Many will even become comfortable with remote work as standard policy. An April 6, 2020 ZDNet article reported that 74% of CFOs say they expect to move previously on-site employees remote post-COVID-19. Gartner found that a quarter of respondents will move at least 20% of their on-site employees to remote work permanently.

Pandemic Recommendation #1: Hone the Remote Work Policy

Remote work is here to stay. Remote work maximizes worker time by cutting out commutes. It decreases the need for parking and office facilities. It saves energy too. Not as much gasoline is used. There are fewer traffic accidents. There is less pollution because people are not driving to work en mass.

But remote work also raises a whole new set of security issues. How do we keep customer or other sensitive data secure when that data is in an employee’s home?

Simple mistakes can lead to large consequences. Failing to patch a computer program or server invites hackers to exploit the flaw.

Do you remember the Equifax incident? Equifax couldn’t be counted on to patch its centralized systems.
Their systems contained huge amounts of personal information. How can we handle personal information printed on little Johnny’s color printer? No company wants to be responsible for the next Equifax-type incident because its employees are working from home.

Having employees work from home presents more vulnerable endpoints. “More personnel telecommuting adds to cybersecurity risks. These people carry devices packed with data. “Opening remote access creates more challenges,” according to Parry Aftab, Executive Director of The Cybersafety Group. Be sure you have considered endpoint security as part of expanded remote access.

And what happens if a worker is injured while working from home? Will they be eligible for Workers’ Compensation benefits?

For these reasons, my number one recommendation is to hone in on your Remote Work Policy. If you don’t already have a remote work policy, then you need one right away. What is the policy now, and what will it be after the crisis is over. If you do have one, now is a great time to review the policy. Make sure it still fits today’s needs and contexts. Update the policy as needed.

The policy should include the expectations of employees. What security measures are employees expected to use at home. Clarify legal liabilities. How will you protect privacy and remain GDPR and/or CCPA compliant? What are the company’s policies on equipment use and repairs? A complete Remote Work Policy will address these issues.

Ensure that employees maintain a safe remote work environment. Secure their devices with anti-malware software. These devices should have personal firewalls, and regular patching for software vulnerabilities.

Pandemic Recommendation #2: Disaster Preparedness & Contingency Plans

A few years ago, I was walking the halls of RSA with one of my clients, helping them make sense of the complex and confusing world of cybersecurity. RSA is *the* conference for cybersecurity. 45,000 people attend each year including more than 600 vendors. We were walking the expo halls. We saw an endless supply of hi-tech security offerings. There were vendors offering proactive protection. Some had advanced threat detection, while others had automated or AI-augmented remediation tools.

 

There were vendors offering proactive protection of one kind or another. Out of the 669 vendors at RSA, not one were there to help companies prepare for disaster recovery and contingency plans.

Out of the 669 vendors at RSA, how many were there to help companies prepare for disaster recovery and contingency plans? I didn’t see one. When it comes to pandemic, we’re mostly on our own. There is no Coronavirus as a Service (CaaS). When we face potential times of crisis, it’s a good reminder to test our continuity plans. If there are no continuity plans to test, then it is vital to create them.

It all starts with your business continuity & disaster recovery plan. Such a plan is a standard part of a NIST 800-53’s CP-1.
It includes strategies like having alternate data storage sites. Alternate data storage sites are important if the main storage site becomes inoperable or compromised. Backups should be in multiple locations far from each other. If one is on the west coast of the United States, the other should be on the east coast. The midwest is also a very good location for remote workers. That region is good for fail over data centers or other cloud resources.

You will want to review your plan. Identify and account for all assets, both technology and human.

Review alternate operations center options. Current areas of operations may become inaccessible. A pandemic may make it unsafe for people to congregate in one place. This is a good time to review or create work-from-home programs. Consider remote fractional vCISO services. Ensure you can maintain your security operations even if employees can’t physically come to the office.

Pandemic Recommendation #3: Store Everything Securely

With so many employees working from home, it’s easy for sensitive information to leak. Remote work often involves creating and editing work-related information. These can be emails, Word documents, and Excel spreadsheets. A customer’s personal identifying information could be left on a personal printer. Sensitive business information can end up on a CD that gets misplaced. There are number of possible security mishaps.

Imagine you recently became GDPR compliant. At a cost of more than $100,000 for 74% of organizations, according to a CPO Magazine article. If you don’t protect personal information at your worker’s homes, you might still be facing a GDPR fine. According to the UK Information Commissioner’s Office, a company in England was fined $340,000 for leaving documents with personal information unlocked,

To reduce this risk, it’s important to store files in a centralized location. A secure cloud is the best location. If the information stays in your cloud, it’s much less likely to end up somewhere it shouldn’t be.

Bio-based authentication and encrypting mobile devices prevents others from reading and using the information on a stolen or lost device.
Pandemic Recommendation #4: Encrypt Data

When more employees work from home, it’s more likely that their devices will be lost or stolen. Encrypting these devices prevents others from reading and using the information on a stolen or lost device. Full disk encryption on personal computers, phones, and tablets is a good method. It will encrypt all storage on the employee’s device. Or at least create an encrypted partition to store sensitive data.

Advanced Encryption Standard (AES) is a good encryption standard to use. The US Government uses AES to keep classified data secure, according to an article in TechRadar.

Even if an employee’s computer is encrypted, there are security risks. The data may not be encrypted when it’s in transport. If an employee has full-disk encryption, the data will not be encrypted in transit. Ensure that data is encrypted before transit. This way anyone who intercepts the data cannot do anything with it. Another good strategy is to set up a secure protocol like Transport Security Layer (TLS).

Technology can go a long way to keep your data secure, but security is essentially a people business. Most breaches occur when people make mistakes. There is no substitute for educating your team. Train and retrain them on the fundamentals. Establishing standards for shutting down each day is a good idea.

Ransomware Risk Mitigation: The Desktop-as-a-Service Solution

Ransomware is a dangerous and growing threat. Find out how security-minded executives establish best-in-class protection.

2019 has proven to be an alarming year for cybersecurity professionals and cyber-attacks show no signs of slowing down in 2020.

One cybersecurity firm characterized the rapidly growing pace of cyberthreats across all industries as an “unprecedented and unrelenting barrage”. Within 24 hours of its report, the City of New Orleans and several other municipal organizations fell victim to ransomware attacks.

But it’s not just large-scale enterprises and public institutions that are under attack. Small and mid-sized businesses offer low-hanging fruit for opportunistic cyber criminals, who often use automation to widen their area of attack.

Small businesses, large enterprises, and public institutions alike have all struggled to respond decisively to the ransomware threat. Until recently, executives had few options – and fewer defenses – in their fight against cybercrime. Now, Desktop as a Service (DaaS) solutions offer comprehensive, scalable ransomware protection services to organizations of all sizes.

 

What Exactly is Ransomware and How Does It Work?

 

There are several ways for a cyber intruder to take over your computer system without your knowledge. You won’t know about it until it’s too late.

The typical ransomware attack begins with the stealthy takeover of the victim’s computer. This may be accomplished through phishing, social engineering, or a sophisticated zero-day exploit – the goal is to have access to the network while remaining undetected.

Upon compromising the network, the cybercriminal can begin slowly encrypting important files. Most ransomware applications do this automatically, using a variety of different methods to evade detection. The process may take days, weeks, or months to complete.

Once the ransomware encryption algorithm reaches critical mass, it then locks users out of the network, displaying a ransom note demanding payment for a decryption key. Sometimes the demand is small – on the order of $500 to $1000 – and sometimes the demand reaches into six-figure sums.

Ransom demands are usually for bitcoins. “If one organization is willing to pay $500,000, the next may be willing to pay $600,000.”

Small sums make paying the ransom a tempting option, but a dangerous one. There is no guarantee that the cyber attacker will relinquish control of the network. Instead, executives who pay up reinforce the cybercriminal profit cycle. It is only a matter of time before the ransomware attacker strikes again.

Famous examples of ransomware variants include WannaCry, which spread to over 230,000 computers across 150 countries in 2017, and Petya. The WannaCry crisis targeted healthcare clinics and hospitals, causing untold damage and highlighted the risk that outdated IT systems represent in these industries.

Petya was unique because it did not encrypt specific files. Instead, it encrypted the local hard drive’s Master File Table, rendering the entire device unusable. There are dozens of other variants out there, and each one uses a unique strategy to take advantage of victims. NotPetya developed on Petya’s attack method, using the same vulnerability previously exploited by WannaCry.

Who Is At Risk of Ransomware Attacks?

 

Emsisoft reports that during the first half of 2019, 491 healthcare providers were hit with ransomware. The attacks are increasing and the demands are for larger ransoms.

Everyone. Although high-profile targets like hospitals and municipal institutions make headlines, thousands of business owners are defrauded every day. On average, one business falls victim to ransomware every 14 seconds.

Small and mid-sized businesses are especially vulnerable because they typically do not have access to the kind of comprehensive security resources that large enterprises can afford. Small businesses that do not rely on reputable third-party managed service providers make especially easy targets.

Cybercriminals have shown that they are willing to target hospitals and public institutions without shame. The greater the need for functioning IT systems is, the more likely the cybercriminals are to get paid. This is how the cybercrime profit cycle perpetuates itself.

What Can Small and Mid-sized Businesses Do About Ransomware?

 

Organizations caught unprepared have few options. Although cybersecurity experts correctly warn against paying the ransom, desperate business owners often pay anyways. But the relief is only temporary. 60% of small and mid-sized businesses victimized by cybercriminals do not recover and shut down within six months.

Preparation is key to successfully resisting a ransomware attack. Organizations that cannot afford to develop, implement, and deploy state-of-the-art security resources need to contract a reputable third-party vendor for the purpose.

Even enterprise-level organizations with tens of thousands of employees often find themselves opting for a managed solution instead of an in-house one. The cybersecurity industry is experiencing a widening talent shortage, making it difficult even for deep-pocketed businesses to hold on to their best security officers.

Introducing IronOrbit: Comprehensive Ransomware Protection

IronOrbit achieves best-in-class ransomware protection through a unique approach to cloud desktop hosting. Three key processes must work together flawlessly to guarantee ransomware resilience:

1.   Prevention

The best way to prevent a ransomware attack from taking place is preventing the initial malware deployment. Firewalls, email filters, content filters, and constant patch management all play a critical role in keeping malicious code out of DaaS systems.

Maintaining up-to-date software is more important than most executives and employees realize. Since NotPetya used the same attack vector as WannaCry, its victims entirely consisted of individuals and businesses who neglected to install security patches after the WannaCry crisis.

2.   Recovery

There is no way to guarantee 100% prevention. However, business owners and their IT teams can circumvent the damage ransomware causes with consistent backup and restoration tools. IronOrbit’s disaster recovery features can wind back the clock, reloading your entire suite of business systems to the state they were in just before the attack occurred.

3.   Remediation

Ransomware recovery cannot guarantee business continuity on its own without best-in-class remediation tools. Without the ability to trace the attack to its source in a fully logged environment, there is no way to tell whether the attack has been truly averted or not. IronOrbit uses state-of-the-art digital investigation tools to track ransomware attacks to their source and mitigate them.

Schedule a Consultation with an IronOrbit Security Expert

IronOrbit has helped numerous businesses capitalize on the efficiency and peace of mind that secure DaaS solutions offer. Protect your business from the threat of ransomware with the help of our expertise and knowledge.

 

Microsoft Intune Review: Putting It Up Against MobileIron

The world we live in is changing at an amazing pace.

The innovation enabled by the rapid growth and worldwide adoption of the internet has been absolutely incredible. Surely that’s no surprise to anyone connected today, but let’s take a moment to put it into perspective the jaw-dropping scope of the number of connected devices.

One of the trendiest buzzwords to hit the market today is the IoT (Internet of things). The IoT is exactly what it sounds like; a collection of devices that connect to the internet.

Map of the IOT landscape across the globe.
The Internet of Things

This could be anything from your Nest thermostat, that Tesla roadster parked in your garage, or the far more common smartphone sitting in your back pocket. Sounds like that could be a lot of connected ‘things’, right? Well, as of 2018, the IoT was a $151B market with 7B connected devices and is expected to reach 10B by 2020.

What exactly does this have to do with MobileIron or Intune? Well, as the number of connected devices skyrockets, organizations are scrambling to protect their data that could invariably find their way to those devices.

Traditionally, a business would view their datacenter as the security boundary. But as we dive into a more cloud-first, a mobile-first world that simply is no longer true. We need to ensure that data is protected, regardless of which ‘thing’ it ends up on. In order to accomplish that, businesses are transitioning to unified endpoint management (UEM) solutions like Intune and MobileIron.

Let’s dive into this Microsoft Intune review.

Application Management

In the past, companies would use device management solutions to enforce strict control over devices before granting them access. Sounds good, right? Well, what about situations where end-users bring their own devices or try to access your data from a device not owned by your company?

Sure, you could choose to block those devices but that means you’ll need to provide those users with devices to work with remotely. Even in that scenario, most individuals would prefer not to carry a personal device and a work device.

Modern management solutions take that struggle into account and allow application-level control of your data, regardless of what devices it ends up on. This is where solutions like Intune or MobileIron shine. They allow you to ensure that data you’re putting on a specific device stays on that device.

Mobile Device Management - MDM - separates and secures corporate data from personal data.
Mobile Device Management allows you to separate and secure corporate data from personal data.

You’re able to enforce data encryption. You’re able to ensure the data can’t be moved to an unmanaged location. As an administrator, you are able to effectively remove your data from that device when necessary.

Comparing Intune versus MobileIron in Managing Your Data

Now let’s take a minute to compare both Intune and MobileIron when it comes to managing your data on end-user owned devices (BYOD). Both solutions offer great functionality here; they grant you the ability to ensure that your data doesn’t leave the application that it started in. No copy/paste, no save to the device, no save to unsupported cloud locations, enforce encryption, etc.

The problem is that both solutions require you to use their client (Outlook, OneDrive, Apps, Docs, or Mail+). Things like the default applications in iOS and Android are out of the question due to a lack of SDK (Software Development Kit) support.

MobileIron struggles here because typically, in order for you to actually get the required app, you need to enroll the device and enforce a wider area of control. More control than some individuals are comfortable granting to their employer over their personal devices.

Intune’s MAM

Microsoft’s Intune allows for application management (MAM) without enrollment. Simply use the Outlook app (or OneDrive, SharePoint, Box, Dropbox, etc.) and sign-in from any device as you normally would to access your data. At that point, policies created by the administrator are enforced on the application itself and not on the device. Again, the goal here is to prevent someone from taking sensitive information and copying directly to their iOS mail app and forwarding it outside of your scope of influence.

Intune MAM illustration
Intune MAM separates and protects your personal from corporate data.

Consider that the Enterprise Mobility and Security license required for Intune also includes Azure AD Premium for auditing and reporting in Azure as well as Conditional Access to restrict access or require multifactor and it’s a pretty compelling argument for Intune.

The official graphic from Microsoft for Azure Active Directory Premium.

 Device Management

Management of the device as a whole is a little easier to accomplish and has been an industry mainstay for a decade. Both Intune and MobileIron are excellent options if you’re going to require all devices to be enrolled and managed centrally.

In fact, MobileIron was selected as the industry leader by Gartner in 2017. The problem of needing specific applications on the device to access the data is easily overcome by simply pushing the required application to the device in question.

Of course there’s more to working remotely than just using applications; you’re also able to push configuration like WiFi profiles to allow them to automatically connect to the office WiFi or deploying certificates to the device to allow a more secure, seamless sign in experience when they open up their work apps.

Requiring enrollment is the big gotcha here. It’s difficult to require an end-user to enroll their device; after all, it is theirs. And what happens when one of those 10B other connected devices is able to be integrated in the near future (here’s looking at you Alexa, Cortona, and Ford)?

Trending Forward

This is a 3D graphic illustrating how enterprise data is integrated securely, from the company's server to a mobile device information provider using MobileIron.

While MobileIron may be a great option for mobile device management today, there are some glaring limitations that they need to address. Today, MobileIron is truly only an MDM/MAM solution with Android and iOS in mind. It struggles with cloud integration for the directory which means that the future is a little murky when there may no longer be an on-premises ‘identity’ for your users.

It also doesn’t have a way to integrate Windows devices (or platforms that may operate as ‘dumb’ devices, like Alexa); which will be a key differentiator in the future as more and more of that IoT make their way into the business landscape.

Intune is already built with Azure Active Directory as it’s backbone to provide conditional access, multifactor authentication, and all the analytics and telemetry you need to find out who signed in, how many times, and from where.

Microsoft has positioned Intune as the clear replacement of System Center Configuration Manager (SCCM) for modern endpoint management, all while allowing for device co-management with SCCM still in the picture to handle legacy endpoints.

Intune Takes the Lead

Not only has Microsoft built a solution in Intune that disrupted the enterprise mobility market, they immediately doubled down by partnering with other major players to ensure that as industry evolves, they’ll not be left out.

Now all this isn’t to say that MobileIron (or any of the other current solutions) isn’t an excellent answer to the problem of securing your data on mobile devices. MobileIron scales incredibly well with numerous deployments exceeding 100,000k devices and there’s an on-premises offering for organizations that are entirely cloud adverse.

But the question really is; why would I choose MobileIron over Intune and considering the way that Microsoft has positioned themselves to take advantage of connected devices in the future with Azure, MobileIron has a tough time standing up.

SECURITY WARNING: The OpenSSL ‰ÛÏHeartbleed Bug‰Û

If you‰Ûªve ever submitted any kind of private or sensitive information to a website‰ÛÓincluding usernames, passwords, credit card numbers, social security numbers, addresses, and phone numbers‰ÛÓthis security alert applies to you.

This week, security researchers discovered a serious vulnerability in the OpenSSL encryption software. Two-thirds of all websites use OpenSSL, as do many email, instant messaging, and virtual private network (VPN) services.

These services use OpenSSL to establish an encrypted connection between them and the user (or between two or more users) to prevent the data transferred between the two from being intercepted.

Usually, not all of the pages on a website that uses OpenSSL are encrypted. Just the pages that require a secure connection. Like those where the users input their usernames and passwords or submit their credit card information.

The Heartbleed Bug Explained

The vulnerability in question has been nicknamed the ‰ÛÏHeartbleed Bug,‰Û since it is located in the code for the ‰ÛÏheartbeat extension,‰Û a part of OpenSSL that controls how long a secure connection can remain open.

A hacker could use this vulnerability to gain access to OpenSSL‰Ûªs encryption keys. Which could then be used to intercept and decode all data sent to and from the service.åÊ As well as steal access to any existing info stored in the service‰Ûªs databases.

Therefore, not only could a hacker with the OpenSSL encryption keys of a website intercept any data (usernames, passwords, credit card info, etc.) you send to the site after it‰Ûªs been hacked. The data that you submitted to the site in the years before the infiltration occurred is also at risk.

The first version of OpenSSL to include the ‰ÛÏHeartbleed Bug‰Û was released in December 2011. In addition, exploits of this vulnerability don‰Ûªt leave any trace. So, it‰Ûªs impossible to tell if a hacker has ever used the vulnerability to intercept or steal data from a certain website.

How to Protect Yourself From the HeartBleed Bug

The ‰ÛÏHeartbleed Bug‰Û in no way affects any of IronOrbit‰Ûªs hosted solutions, our website, or any of the systems that we use to process and store your payment information.

In general, though, here is what you need to do in order to protect yourself from this vulnerability:

  • Make sure that a site is secure before you send any of your sensitive data to it. You can use this app to check if a site has a secure version of OpenSSL.
  • Make a list of all of the websites that you‰Ûªve ever sent sensitive data to. Change your passwords for these websites only after you‰Ûªve confirmed that they are running a secure version of OpenSSL. Or alternatively, that they never used the insecure version of OpenSSL.
  • Find out if your company‰Ûªs website used or is using OpenSSL versions 1.01 through 1.01f. If it is, update OpenSSL to version 1.01g immediately. Then, replace your encryption keys, and ask any users that your site has to reset their passwords.

To ask for assistance in responding to the ‰ÛÏHeartbleed Bug‰Û or for more information, IronOrbit users should contact IronOrbit 24x7x365 technical support at [email protected] or (888) 753-5064.