Posted on: November 12, 2019 By: Sage Tourigny
We’re about halfway through the fourth quarter, which means the pressure is on to close as many year-end deals as possible.
Check out these tips to get you through the rest of 2019 and start 2020 on the right foot:
Trust In The Cloud
Let’s face it: the fourth quarter isn’t much fun when you’re selling a product that nobody wants.
When you offer a product that’s in high-demand, though—like the cloud— you can basically let the service sell itself. It helps to remember that more and more businesses are making the switch and also want to start the next decade off with a head start! According to a recent study, the cloud now accounts for one-quarter of overall IT spending.
Since you and your customers are on the same team, it’s just a matter of identifying companies that are in a position to migrate to the cloud or switch vendors, and having the right portfolio to deliver.
Go Heavy On UC
Businesses of all sizes and vertical markets can benefit from unified communications (UC)—from small companies with 10 users to large, multi-site enterprises. It’s a flexible technology that should absolutely be in your portfolio.
To start a conversation, you may want to ask customers whether their communications system is up to par heading into the busy holiday rush—and whether they think they could do better. Tell customers that UC can boost backend productivity, and it can improve the customer experience. There’s no reason why companies today should be using disparate communications services when everything can run over a single platform.
Focus On Cost Efficiency
Many organizations are currently struggling to manage costs and overall IT spending. So, look for an opportunity to discuss finances when approaching them about cloud services. Help form a cost reduction plan, and look for legacy services that can be moved off-site.
Make sure to tell your customers about how VoIP can maximize cost efficiency, through services like pooling and bursting. VoIP is also highly scalable.
Under Promise, Over Deliver
Remember: You’re not the only one approaching customers this time of year. Customers are getting contacted left and right, including associates who are promising the world in hopes of getting them to sign up for their services.
Whatever you do, don’t make empty promises that you won’t be able to fulfill down the line. The better approach is to make an honest offer, and to have a vendor that will step in and impress the customer along every step of the process. In the midst of many too-good-to-be-true promises, keeping it real with your customers can be just what they needed to hear.
The fourth quarter isn’t just about closing deals. It’s also about setting yourself up for success throughout the following year.
Now is a great time to reflect on own your own portfolio of solutions, to see if you can improve it. Perhaps it’s time to consolidate your offerings down to a single vendor—one offering a Full Spectrum portfolio of end-to-end solutions.
Posted on: November 1, 2019 By: Carolyn Kuczynski
As an employee or owner of a small or medium-sized business (SMB), it can be easy to think that your organization is not a prime target for cyber attacks. Larger, more established enterprises have more assets under their control, plus their higher notoriety means that attackers can gain greater publicity for successfully breaching their defenses. Unsurprisingly, the most famous cybersecurity breaches in recent memory have all involved major firms such as Experian and Target and not SMBs.
But SMBs can’t rest on their laurels and assume they’ll never be affected just because they’re small businesses. The enormous number of SMBs in the U.S. – companies with 500 or fewer workers account for more than 99% of all the country’s employer firms, according to the Census Bureau – as well as their relatively limited network security capabilities make them very vulnerable to cyber-attacks. It’s imperative to implement multiple lines of defense to keep your business network safe from harm.
What are the biggest threats to small business network security?
To understand where SMBs are most susceptible to threats such as malware infections, we first have to look at how a typical small business cyber defense is assembled and what key pieces might be missing from its puzzle.
With limited budgetary resources at their disposal, many small business owners aren’t able to invest in the multilayered defenses necessary for keeping internal and external threats at bay. That means that while they have basic antivirus software and/or an intrusion detection system in place – which are necessary, but not sufficient, for fending off attacks – they might not have the wherewithal to implement additional, complementary cybersecurity measures, such as two-factor authentication or ongoing employee training.
Such protections are essential to securing the numerous endpoints involved in modern SMB operations. Without these safeguards present, SMBs can easily become victims of preventable attacks that compromise their sensitive data, damage their reputations and put their very existence in danger. In fact, 60% of hacked SMBs go out of business within six months of a cyber attack.
A joint report from Keeper Security and the Ponemon Institute provided more detail on how small businesses frequently struggle when pressure is placed on their networks:
- For the fiscal year 2018, 82% of SMBs reported a security breach involving exploits and malware evading their AV solutions; 72% said the same in relation to their intrusion detection systems. Both figures were up from FY 2017.
- The top three most vulnerable endpoints identified by survey respondents were mobile devices (cited by 55%), laptops (49%) and cloud systems (42%). All three can be difficult to control, as they regularly move in and out of a company’s perimeter defenses.
- Employee/contractor negligence was seen as the top cause of data breaches, with “third-party mistakes” in second. This finding shows how an effective network security strategy must guard against sloppiness and raise overall awareness of common risks.
- Phishing and social engineering attacks, which often take advantage of unfamiliarity with their tactics and the lack of security measures such as email filtering, were the most common type of attack, followed by web-based schemes.
- Overall, two-thirds of small businesses had experienced a cyber attack in the last 12 months as of FY 2018, up from 61% in FY 2017. More than half (58%) had fallen victim to a data breach, compared to 54% the year before.
The solution is straightforward, at least on paper: Invest more in security software and hardware, and increase employee education and training. While the latter can be done internally, procuring the former is often best done via a managed security services provider (MSSP), which can handle many of the key functions that would normally be beyond the capabilities of an SMB with its relatively constrained budget.
Indeed, the 2019 State of IT report from Spiceworks found that larger enterprises were more likely than their SMB counterparts to spend their hardware funds on security gear. More of them also planned to increase their total budgets in response to security concerns, whereas SMBs were mostly doing so because of corporate tax cuts.
Securing a small business network against cyber attacks and security breaches isn’t easy, due to the intersection of limited funds, sophisticated threats, numerous endpoints and, most importantly, mobile devices. That said, there are proven security measures that will lower a company’s risk. Let’s look at a few of them in more depth.
MSSPs such as Telesystem can reinforce your network with a combination of technically advanced yet cost-effective security solutions. The most common measures include firewalling, intrusion and data loss prevention, content filtering, server protection, and applicational control.
These services may be paired with more conventional offerings such as AV software and virtual private networks (VPNs) for comprehensive defense. Since security technologies and the threats they address are always changing, it’s prudent to partner with an MSSP that can keep everything up-to-date and properly configured, saving your SMB staff the time and expense of doing so themselves.
What does a phishing scam look like? Every employee and contractor who is close to an organization’s sensitive data should have an answer to this question.
Phishing and social engineering are perennially popular ways to attack SMB networks, in part because they can circumvent AV solutions and intrusion prevention systems. Fortunately, they often contain some tell-tale characteristics, including but not limited to:
- Typos and grammatical errors.
- Lengthy return addresses, possibly with unfamiliar domains.
- Claims that they’re from government agencies (unlikely).
- Urgent instructions to take action.
- Mysterious attachments the recipient wasn’t expecting.
Beyond phishing, employees and contractors should also become familiar with best practices such as password management. Forty percent of the Keeper/Ponemon respondents said their firms had been victims of attacks tied to weak passwords.
It’s important to direct everyone toward tools that can generate and manage passwords automatically, or at the very least toward techniques such as creating a strong password from an abbreviated phrase and not recycling passwords across sites. Single sign-on, tied to one strong password reinforced with two-factor authentication (see below), is another great option.
Also known as multi-factor authentication, this security measure requires the entry of an additional credential after a successful login with a username and password. The extra factor could be a code sent via SMS or email, a prompt on a separate device, a biometric reading or something else.
Requiring two or more factors for access can limit the damage from someone’s password being stolen. Plus, it generally improves an SMB’s security posture by making it easier to enforce access controls and policies.
A VPN facilitates secure access over an IP network such as the public internet. For employees who need to access company resources from a branch site or on the go, VPNs are crucial for ensuring that business data isn’t intercepted.
Telesystem offers both site-to-site VPNs and remote access VPN clients. Going through an MSSP is advisable since free VPN services often don’t provide any verification of how they handle the connection or whether they log user activity.
If your SMB works in a regulated space such as healthcare or education, enterprise managed Wi-Fi is a particularly good option for protecting sensitive data and defending against the most prevalent cyber-attacks. Wi-Fi networks can become soft targets for attackers who might take advantage of loose security or unsegmented access to breach important records.
With a managed solution, the provider takes care of all installation, router setup and maintenance, hosting, proactive monitoring, and technical support. Accordingly, SMBs don’t worry about keeping everything current or keeping tabs on possible security issues on their own. Managed Wi-Fi also allows for easy setup of guest SSIDs that are independent of the main company network, meaning any risky activity that takes place on them is cordoned off.
Distributed denial-of-service (DDoS) attacks can embarrass an SMB by taking its site offline for hours or more at a time. Over time, these attacks have become larger in peak bandwidth and more varied in their attack surfaces. They might exploit one or more common network protocols, such as DNS, UDP or NTP.
Defending against a DDoS attack requires considerable network resources, which many SMBs do not normally possess. However, some MSSPs can provide them as part of a larger network security offering.
Telesystem customers get anti-DDoS mitigation at no extra charge with all services that pass through the Telesystem network core. This DDoS protection can be combined with other managed security services, from VPNs and email filtering to firewalls and antivirus software, to protect against not only DDoS attacks but a wide variety of threats that could bring down a small business network.
The threats to SMB networks will only increase with time as cyber attackers deploy both new and old tactics for slipping past company defenses. Staying safe will require an airtight security strategy combining employee education, managed network defenses, access controls and much more.
Working with an experienced MSSP is a much easier route than going it alone. With more than 25 years of serving customers and a nationwide footprint, Telesystem can provide the expertise and technical solutions to shore up your SMB’s protections and help you continue to focus on your organization’s primary mission. To learn more, visit our security solutions page or contact a member of our team today for more information on how we can serve you.
Posted on: October 22, 2019 By: Carolyn Kuczynski
When organizations set goals to reduce development cycles and accelerate time to market for products and services, and revamp business processes to increase efficiencies and enhance the customer experience, they need a well-defined, meticulously executed data strategy.
To make it all happen, IT plays an inescapable role. Organizations no longer view IT as some invisible entity hidden in the background that is called upon only for problems. IT touches everything, from the security badge to enter an office building, to each employee’s daily tasks, to every digital interaction with partners and customers—and a myriad of day-to-day touch points in between.
As part of its broad set of responsibilities, IT runs the infrastructure and apps that support data strategies, enabling data capture and security, and working with line-of-business managers to make smart data-driven decisions. IT needs the support of leadership. IT needs the right tools and knowhow. This means investing in technology, infrastructure, security and third-party expert contracts to execute a data strategy.
Achieving IT Agility
Currently, 48% of businesses are making substantial investments in digital capabilities, and another 57% will be doing the same in two years, according to IDC. These investments are essential for leveraging data to connect with customers in exciting new ways, adding new revenue streams and improving operational efficiency.
Competing in the new digital world order requires greater IT agility. Many IT teams struggle with legacy systems and inconsistent configurations that hinder reliability while driving up costs, inflexible deployment options that lead to overprovisioning and under-utilized assets and limited platforms that hamper development of new services, according to IDC. Teams also struggle with limited skills availability, the need to develop new applications, cloud migrations, network latency issues and lack of automation.
Thankfully, new tools, platforms and applications are giving IT the means to help organizations harness the power of data. Tools driven by analytics and artificial intelligence (AI) are making it easier to manage IT resources, cloud services are giving companies more access to new technology and automation tools are simplifying management of multi-cloud environments.
Building An Adaptive Network
To achieve IT agility, organizations need adaptive networks as the foundation. Even though companies increasingly rely on the cloud for their workloads, they still need robust networks to support data collection and digital interactions with partners and customers.
But not all network assets reside either in the cloud or on premise. To achieve the agility organizations need to make real-time decisions, many are deploying sites at the network edge for data processing and analysis. This approach eliminates the latency that occurs when data has to travel to and from a cloud infrastructure. Edge computing, therefore, enables real-time decisions by making it possible to process data closer to its source.
As such, edge computing improves operational efficiency, allowing organizations to leverage a hybrid-cloud approach alongside an adaptive network infrastructure. Ultimately, the edge will make it possible for organizations to optimize the efficiency of their data and application so they can take advantage of emerging technologies.
But for that to happen, the network has to be highly available. It requires a dynamic, flexible architecture to support connectivity and interaction between multiple clouds—both private and public—in hybrid environments. Many companies have moved workloads such as website management and email to the cloud, while keeping business-critical applications such as inventory systems and data warehousing on premise.
Software defined networking (SDN) and network function virtualization (NFV) are lending functionality and flexibility to adaptive networks, automating functions that traditionally have been time-consuming and costly. Network managers can provision managed services from a network provider, including firewalls and routers. SDN and NFV also enable load balancing and traffic rerouting, both in a programmable way and on the fly, to ease network bottlenecking.
As data moves in, out and within adaptive networks, it requires protection. A single data breach can cost millions of dollars in lost productivity, recovery, mitigation and the erosion of partner and customer trust. Protecting data is fundamental to the success of a digital business strategy.
But security is a complicated affair, as data flows in from multiple sources in various formats. Connections between the network and the cloud must be secured. And as networks grow, they are increasingly distributed across dozens, hundreds or thousands of locations, and millions of network devices, often crossing borders and continents.
It’s hard for organizations to manage security on their own, considering all the security layers that must be in place. As companies become increasingly reliant on digital resources, they must protect their physical and virtual assets—whether on premise in the cloud or at the edge—with a comprehensive security approach. While cloud providers are in charge of protecting data within their environments, organizations are responsible for data on premise or traveling back and forth.
Finding Trusted Partners
More and more organizations are engaging managed security providers to help them manage the complexity of securing their networks and data. Partners bring skills that are in short supply and advanced tools, including AI and machine learning techniques, to secure hybrid environments.
The right security partner can deliver a holistic set of services that includes advanced detection techniques, threat intelligence to spot new hazards, vulnerability testing, access and authentication protocols and protection against distributed denial of service (DDoS) attacks.
But partners can deliver more than security, including managed services that bring efficiency and visibility into network management, as well as consulting services to help with the planning and execution of digital business strategies. Partners also help organizations make sense of the data they capture and guide them in making smart data-driven decisions.
Companies that combine internal and external resources to develop their data strategies find a smoother path into their digital future. This allows them to perfect business operations processes, eliminate effort duplication, cut costs and deliver personalized customer experiences. And that’s why data is at the heart of every digital business strategy.
Read the full IDC Harnessing Your Data to Deliver Better Experiences and Drive Digital Transformation Report
Posted on: October 15, 2019 By: Carolyn Kuczynski
Let’s be honest: The idea of opening a massive contact center probably isn’t all that appealing, especially if you are a startup or small to medium-sized business operating on a tight budget and trying to run an agile operation.
Building a traditional contact center, after all, is no small ordeal. It requires a lot of space, hiring dedicated staff members, securing premium communications infrastructure, and so on. All things considered, a contact center can be one of the most resource-intensive departments in company.
Despite these challenges, contact centers are extremely important—more so, in fact, than ever before. In the age of the customer experience (CX), where expectations are through the roof, ensuring a seamless and helpful interaction with your brand has become one of the golden rules of doing business. According to Salesforce, 47 percent of customers claim they will stop buying from a company if they have a subpar experience; 76 percent of customers say it’s easier than ever to take their business elsewhere.
The Departmental Contact Center
Without the services of a contact center, it’s just about impossible to keep customers satisfied—putting business owners today in a tough predicament about how to proceed. As a workaround, many businesses are embracing the idea of informal, or departmental, contact centers.
A departmental contact center is one where non-traditional employees (like sales associates or IT personnel) are empowered to interact with customers over channels like voice, email, and live chat. It can reduce or eliminate the need to hire full-time customer service representatives.
Departmental contact centers typically leverage a cloud communications platform, which can be accessed securely from any location. All communication takes place over a centralized, cloud-based portal—in effect, enabling a borderless customer service department.
The Benefits Of Departmental Contact Centers
Some of the top benefits to using a departmental contact center include:
Reduced CAPEX & OPEX
By taking an informal, departmental approach, and leveraging cloud software, a business can provide strong customer service without having to spend enormous amounts of money on backend telephony infrastructure and agent-facing equipment. It will also eliminate all overhead that would otherwise have to be spent on a physical contact center (like floor space, seats, utilities, and so on).
Keep Employees Connected
In a traditional contact center environment, dedicated agents handle most customer-facing interactions. Information is entered into a customer relationship management (CRM) portal, where it can then be exported to other teams like sales, marketing, and Research and Development. One of the downsides to this environment is that it creates a barrier—and a disconnection—between customers and employees. All too often, critical customer data simply goes unused. By allowing high-ranking team members to communicate directly with customers, it can serve as a valuable educational component that can lead to better products and services, and happier customers in the long run.
Customers, of course, will appreciate connecting with experienced team members instead of part time call center agents. For example, imagine using a software as a service (SaaS) solution to run a business, running into a problem and contacting customer support—and instead of speaking with a regular agent, you connect with a lead developer who knows the ins and outs of the software better than anyone. This type of experience will foster feelings of strong brand loyalty—and it will reinforce the message that the company really cares about providing great support, to the point where workers will take time out of their busy day to help solve problems.
Posted on: By: Carolyn Kuczynski
Our bring your own network (BYON), access-agnostic solutions equip your customers to easily swap phone systems and migrate to the latest communications and networking technologies they need while keeping their underlying connectivity in place. Cloud-based Unified Communications as a Service (UCaaS), value-added SD-WAN and managed security services will improve customer engagement, employee productivity, network performance, service reliability and cyberthreat protection.
Featured BYON Windstream Enterprise solutions include:
- SD-WAN – Choose the technology platform that is right for your business from two of the leading WAN edge infrastructure providers— VeloCloud or Fortinet—both options are recognized as leaders in Gartner’s Magic Quadrant, provide PCI DSS compliance, and leverage our state-of-the-art partner portal
- UCaaS – Our many “flavors” of Unified Communications as a Service offer a more connected, collaborative workforce, with instant messaging, chat, presence, mobility, conferencing and CRM integrations—all backed by a world-class network with 99.99% always-on reliability
- Security and Compliance – Most experts agree that a security breach for most companies is no longer a question of if it will happen, but when it will happen. Our suite of Security Services includes Cloud and CPE Firewalls, SIEM and DDoS Mitigation to shield the most sophisticated threats.
Enjoy big payouts. In addition to our standard competitive residual monthly compensation, we’ll give you a 5% bonus residual and up to 4X accelerator for BYON services!
Everything you need from a single source. If you’re also looking for network solutions, either as a replacement or for diversity, we can do it all—BYON, network solutions or both.
Want to Learn more? E-mail Windstream Enterprise
Posted on: October 11, 2019 By: Carolyn Kuczynski
If you run a small- to medium-sized business (SMB), chances are that you’re already aware that cybersecurity should be a concern. In fact, a recent survey from AppRiver found that more than half (58%) of SMBs in the U.S. are more worried about getting hacked than they are about a flood, a fire, a transit strike, or even a physical break-in of their offices.
The question is, what are you going to do about it? Staying secure on a budget can be a challenge for SMBs – a problem that’s often exacerbated by a lack of in-house security expertise. Turning to cost-effective managed services is a good solution – but there are also plenty of tactics that you can implement to minimize your risk.
Understand the Hacker Tricks of the Trade
Cyberattackers are savvy and adaptable, but there are a few common techniques that they use on a regular basis. Understanding what these are can help you protect your business.
Far and away, the most common way an attacker infiltrates networks and harvests sensitive data is through phishing.
Phishing works like this: A victim will receive an email claiming to be from someone they know, or from an organization they recognize or perhaps even deal with often. These emails sometimes clearly stand out as spam, but in other cases, the impersonation will be hard to spot: the adversary will take great pains to make it look and sound like a legitimate email, complete with authentic-looking logos.
Within that phishing email will be a malicious link, attached document, or an app. When a user clicks on a link, it will take them to what looks like a legitimate page with a log-in screen. That page is actually fake (or “spoofed”), and when the victim puts in his or her credentials, the hacker is able to grab them and gain unauthorized access to the victim’s account. In the case of an attachment or app, opening it usually results in malware being installed on the victim’s machine. That virus or a trojan gives hackers access to the data on the victim’s computer or phone (for instance, it could be a keylogger, which captures what the victim types to uncover user names and passwords), and also allows them to gain a foothold on the company network.
There are also watering-hole attacks to worry about. Here, an attacker might create a fake website that offers information that a specific target might be interested in – industry-specific articles or “how-to” blogs, for instance – while in the background it is executing malware on the visitor’s computer. In a variation of this, adversaries create fake mobile apps that appear to do something useful; but when installed, they turn out to be malware.
A third common attack method is via malicious Wi-Fi networks in public places. A hacker can use software to set up a wireless access point (with an innocuous or attractive name like “free public Wi-Fi”) – and once someone has connected to it, a hacker can intercept and eavesdrop on any traffic that flows through it.
There are other techniques out there as well, but these are common tricks to watch out for.
Employee Training: A Crucial Line of Defense
All three of these attack types require the user to take some kind of action – click on a link, download an attachment, visit a dodgy website, download a rogue app, or connect to an untrusted Wi-Fi network. And that means that the attacks can be prevented with good security hygiene.
Training your employees is a critical first line of defense against these opportunistic kinds of attacks. For starters, implement the doctrine of verification: Before clicking on a link or downloading an attachment in an email, send a separate email to the supposed sender to make sure the person did indeed send the message – especially for anything unsolicited. Better yet, pick up the phone and call the person.
Another training tactic is to learn to always hover over a link to make sure it’s the legitimate address. Malicious links won’t have the proper URL – however, they may have similar-sounding URLs. If the message claims to be from the Bank of Peter, the malicious link may read something like www.bankof.peter.com or www.bankofpeeter.com instead of www.bankofpeter.com.
In a similar vein, employees should be trained to never download an app from a third-party app store. Even if they do download something from Google Play or the Apple App Store, advise them to read the reviews to make sure all is on the up-and-up; sometimes bad apps do get through.
And finally, on-the-go employees should be wary of public Wi-Fi, and should always verify the legitimate SSID with the airport, café, or other operator of the space. It’s also a good idea to use a VPN – there are plenty of free offerings.
Require Best Practices
Along with basic security training, SMBs should always ensure that best practices are being carried out. For instance, all software should be kept up-to-date. Most of the time, a malicious attachment or watering-hole attack will only be successful if there are unpatched software vulnerabilities on the target machines.
For any cloud services, employees should be required to enable two-factor authentication (2FA), which will make it necessary to enter a one-time password that’s sent to a mobile phone before the user can log in. That way, even if hackers somehow gain a user’s credentials, they still won’t be able to log in because they don’t have access to that user’s mobile device.
Speaking of which, password hygiene is critical as well. Businesses should be thinking about complex passwords which include a combination of letters, numbers, and special characters. SMBs should require that their users change these often, are unique and not used anywhere else. In a similar vein, users should make sure that their website security questions are difficult – not information that could be gleaned from social media or elsewhere, such as your mother’s maiden name or the city where you were born – and consider making up the answers to thwart hackers even further.
Simple Administrative Fixes
Beyond user actions, there are simple actions that SMB network administrators can take to help their companies get out of the “low-hanging fruit” camp. Most hackers are looking for an easy score. Anything that raises the bar of effort for them – even a little bit – will cause them to move onto the next potential victim rather than expend any more time and effort on something that isn’t easy.
To start, enable firewalls and traffic encryption – you can easily enable the basic tools that come with your networking gear. Secondly, make sure that all default passwords on devices connected to the network are changed to unique combinations, and keep the software and firmware up-to-date. Next, replace any systems with outdated operating systems like Windows 7 – Microsoft no longer supports these, and there are known vulnerabilities that hackers can easily exploit to gain access.
And finally, think about permissions. Take steps to manage and limit access to data, drives, and systems for those employees that don’t need it. Also, don’t forget to deactivate access for those who don’t need it anymore – ex-employees are a leading cause of data theft.
The bottom line: as a small business, you are a primary target for hackers. Make time for these easy steps today to avoid difficult situations in the future. Need help securing your business or want to learn more? Visit www.tpx.com/managedIT or call 888-407-9594.
About the Author
Erik Nordquist is the Senior Product Manager for TPx Communications’ managed security services. He’s led a broad range of critical activities, including Field Operations and the Hostmaster team where he built TPx’s anycast DNS network to service its 55,000 customer locations. His work on the Network Integrity team made him the resident expert for mitigating Denial of Service (DoS) attacks. After interfacing with customers for years, Erik is bringing his customer-focused approach to his Product Manager role, helping to deliver first-in-class security services to TPx clients with unsurpassed customer support.
Posted on: By: Carolyn Kuczynski
Yes! It’s a Match Made in Heaven!
Posted on: October 8, 2019 By: Carolyn Kuczynski
By Chris Betz, Chief Security Officer, CenturyLink
Let me put it another way: Security can be complex. The true art is making security easy to use.
As a Fortune 150 company and the second largest U.S. communications provider to global enterprise customers, we are responsible for securing our own operations through a suite of hybrid IT, cloud, networking and communications solutions — in addition to those of our customers. As CSO for this company, I can attest to the fact that the pressures security leaders face today are many.
On one hand, we have the explosion of network traffic spurred by video, 5G, IoT, connected devices and a mobile workforce; on the other, we have a justified and growing intolerance by users — both internal and external — for anything less than always-on, flawless performance. Couple this with the patchwork nature of many of today’s security solutions, which businesses are often left to stitch together on their own; the gap between security and engineering teams that often reflects security as an afterthought; and the shortage of qualified security professionals — and the picture can seem bleak.
But security can be simple: We believe that the inherent value of a security solutions provider should first and foremost be effective simplicity.
At CenturyLink, our security builds on two fundamental directives: to leverage our expansive global threat visibility and to act against the threats we see. Our unique and deep network-based threat intelligence makes our approach possible — and it is the foundation of Connected Security, our vision for seamless integration between security and the network to transform the communications of tomorrow.
The more we can do as a global security services provider to identify or impact malicious traffic before it hits our customers’ infrastructure, the better customers can focus and prioritize their resources elsewhere. This is the promise of Connected Security and the premise upon which we have transformed our network into a threat sensor and proactive defense platform.
Disrupting the security threats that we face today — and the threats we will face tomorrow — requires more than intelligence. It requires a collective commitment to share what we see and to act on what we know. We look forward to continuing to work together as we drive toward simplifying security.
Click here to view and download the full CenturyLink 2019 Threat Report: https://www.centurylink.com/asset/business/enterprise/report/2019-threat-research-report.pdf
October is National Cybersecurity Awareness Month and as a CenturyLink Channel Partner, you have access to sell CenturyLink’s full suite of trusted Security Solutions. For more information, please contact your Channel Manager or Partners@CenturyLink.com.
Posted on: October 4, 2019 By: Carolyn Kuczynski
While many businesses still tend to run their own IT, the challenges facing these internal teams is increasing.
IT departments continue to get asked to do more with less. While larger organizations can afford more deeply staffed departments, many smaller businesses run lean, with employees wearing many hats. As workloads increase, so do resolution times. The pace of technological change today can mean that while teams try their best, their skills are falling behind the times.
Resources are also increasingly scarce. According to recent research, more than three-quarters of corporate IT budgets are spent on maintenance of existing infrastructure. That means there is little to spend on innovating, optimizing or education — another way teams fall behind.
As support staff come under increased pressure, IT heroics become more commonplace — and that inevitably leads to serious failure or breach.
Is your IT team at risk?
You are at risk if current workloads prevent engineers from taking time off from work to renew or obtain relevant certifications. Are they being asked to take on this time-consuming work after hours, after spending their days putting out fires? How is their current workload impacting their quality of life? Given how aggressively companies are recruiting for IT these days — especially cloud and cybersecurity talent — what would the impact be to your business if a key engineer was lured away by a better salary, stock options and the promise of a fresh start?
Also consider what happens to the other “less urgent” tasks that get pushed aside during a fire drill. The more often this happens, the larger the support queue becomes, and the cycle feeds itself and worsens.
Yes, the occasional fire drill is going to happen, but if they become frequent, it’s time to seek outside help. Heroics just don’t scale.
And by outside help, I’m not talking about teams that spin up their own cloud resources with a corporate credit card and a web browser. While that was difficult once upon a time, it has now become so incredibly easy to acquire new IT resources that the concepts of rogue or shadow IT, application sprawl and overall loss of IT control is a top concern right along with a lack of IT talent.
Developing a talent strategy
Instead of chasing after unauthorized cloud accounts, leaders must consider their overall IT talent strategy. How relevant are current IT staff skills and certifications? Is it possible to attract the right talent? Pay for it? Honest answers to these questions may mean it’s time to consider finding a strategic partner.
Working with experienced partners is one way businesses are relieving internal IT support pressures. But how do you find the right one? First, focus on matching potential partners’ skills sets and track record with your specific needs. Quality IT partners will want to learn about your business holistically, not just from a hardware or software-slinging viewpoint. Beware of partners that propose solutions without taking the time to learn about your IT staff’s capabilities or leadership business objectives.
Of course, there are times when you just need to get some more software licenses or replace some aging hardware, but even then, a good partner will ask the “why” behind those purchasing decisions, so they can offer you the right recommendations.
Ask the right questions
Understanding vendor best practices can mean the difference between a successful implementation versus a massive security, performance or financial mistake. When implementing third party support, ask vendors where the lines are drawn. They should easily be able to answer questions like:
- Which party owns various support tasks?
- What does incident escalation look like?
- Who owns escalation to outside vendors?
- What are the SLA details?
Stepping back for a bigger picture view, ask questions during the sales process about the partner’s experience and depth of support bench:
- How many engineers do they have on the team supporting this technology?
- How long have they been supporting it?
- What certifications do they have, and how many?
The deeper the vendor support bench, the faster and more accurately a problem can be solved. Consider the following analogy: When a car pulls into the pit during a race, a team of well-trained mechanics scurry over the wall and quickly replace tires, add fuel, clean windows, adjust fairings and update the driver on race tactics, and about eight seconds later the car speeds off.
How would that scenario play out with a pit crew of only two people? Even if they have great skills and experience, a two-person pit crew simply cannot match the eight-person team performance, so their pit stop may take 15-20 seconds instead of eight seconds. This is not a slight toward the pit crew at all, they did their best and were certainly capable. It just comes down to pure math; in this support scenario having deep benches makes a dramatic difference. The same applies to tech support staffing.
In summary, relying on your engineers to repeatedly perform acts of technical heroism on a regular basis is a sign that your team needs relief. Burning out quality employees can lead to recruiting losses.
Conversely, connecting with an experienced and well-staffed partner can relieve the stress your teams are enduring, freeing them up to focus on more enriching and beneficial technical pursuits.
Seeking an expert strategic partner? Consider Rackspace.
Posted on: September 30, 2019 By: Carolyn Kuczynski
Written by Anil Kanwar –
In today’s business environment, companies that want to stay relevant and competitive need to understand how to take advantage of Digital Transformation to evolve with their customer and markets. Yet in Canada only 19% of mid-market companies have reached an advanced level of digital maturity as assessed by BDC on digital technologies and digital culture. The vast majority of these businesses struggle with removing their own barriers to evolution. Over my 23 years of global experience in Information Technology & Business transformation, with the last 6 years with a focus on Canadian enterprises and mid-market organizations, I have helped many organizations successfully complete this transformation. During this time, I have also seen first-hand the challenges facing most mid-sized companies in their evolution. Specifically, 3 general barriers to successful cloud adoption are common in the Canadian marketplace:
1. Perhaps the most important challenge I have seen is the lack of an inclusive cloud adoption framework. In the Canadian mid-market specifically, businesses have not made the adjustment from traditional technology purchasing practices to cloud and on-demand service adoption. The buying process is still owned by the IT department and is executed in a tactical, reactive way rather than with strategy and planning baked-in to the execution. In many instances critical business and functional groups are not incorporated into the process. This often leads to poor realization of the cloud’s value to the business and to a narrow perspective of the cloud, how to use it, and how to best leverage value out of such services. Instead of fostering a strategic change and transformation, IT planning becomes focused on point tools and solutions, instead of offering a transformative new way of doing business. As a personal observation, in many cases that I have supported, a lack of an inclusive cloud adoption framework has added tens of thousands of dollars in additional costs, delayed delivery times and even caused project cancellation due to a poorly defined cloud economics.
2. The second barrier is often a lack of access to critical skilled resources. The Information and Communications technology Council (ICTC), a policy advisor to businesses and governments across Canada predicts a shortage of approximately 216,000 technical resources in Information and Communications Technology (ICT) sector by 2021. This expertise gap refers to Social, Mobile, Analytics, Cloud along with IoT and emerging digital technologies like Augmented Reality, Artificial Intelligence, 5G, Blockchain and 3D printing. Even for organizations that have great talent resources, in most cases they are too busy keeping the lights on to focus on innovation or generating real business value. As a result, cloud adoption is often limited to “lift and shift”, rather than true IT evolution or Digital Transformation. Ultimately, these businesses end up ignoring enabling technologies and practices that could help them focus on transformative ways of delivering business applications, improving customer/user experience, and driving business value.
3. Lastly, there’s cloud security and compliance. For someone who has been doing cloud for as long as I have, this is the one I had thought was long addressed. Yet with many organizations there is still a prevalent belief that cloud is less secure, along with traditional concerns about data residency and sovereignty. It is important to note that in the various shared models- IaaS, PaaS, SaaS- security concerns vary based on service delineations between service provider and customer. Cloud providers have a vested interest in protecting their reputation. They have access to the best resources who are specifically focused on following security best practices. And they abide by stringent compliance frameworks and audits as part of their operations. Many of these capabilities are beyond typical mid-sized organization – simply put, a provider whose sole reason for being is to provide robust, secure, highly available infrastructure, is generally going to provide better outcomes than your business staff, who should be focused on your business’ core value operations instead of IT maintenance activities.
I was recently engaged with a global technology company undergoing its own cloud transformation. They had settled, without a clear cloud adoption framework , on a single hyperscaler cloud for their VMware workload. Through a structured cloud adoption framework, we were able to establish consensus across the organization, expand their ecosystem to multiple clouds via an application centric/ best execution venue approach and deliver on defined business outcome.
The professional services support expedited their application launch by enabling them on key cloud services like automation and security across multi-cloud deployments. This experience illustrates how Mid-market organizations in Canada face similar challenges in adopting cloud as their much larger counterparts but must find a way to do so with less expertise and fewer resources. Hence, finding the right managed services and professional services partner is critical to success in digital transformation.
To conclude, I believe the Canadian mid-market segment has not only the need to adopt digital technologies but also to appropriately manage these assets to effectively compete in the global market. The findings of digital maturity assessments done by BDC and MIT, proved that businesses with higher digital maturity outperformed less mature firms on multiple financial measurements.
Written by Anil Kanwar
Anil is a Solution Architect and is responsible for working with enterprise customers to understand their IT strategy, provide assessments of their current infrastructure state, design target state and provide a phased approach to reach and maintain it using TeraGo services. He brings 20+ years of enterprise IT experience spread across pre-sales, delivery and product management working with large system Integrators and product companies.
 BDC – Digital maturity assessment – https://www.bdc.ca/en/articles-tools/entrepreneur-toolkit/business-assessments/digital-maturity/pages/default.aspx
 AWS Cloud Adoption Framework – https://aws.amazon.com/professional-services/CAF/
 – Information and Communications Technology Council (ICTC) Report – The Next Talent Wave – Navigating the digital shift – Outlook 2021 – https://www.ictc-ctic.ca/wp-content/uploads/2017/04/ICTC_Outlook-2021.pdf