What Is The Cloud And How Does It Apply To My Business? Sandy Area Chamber of Commerce May 23, 2013 By Matt Wilson – Brightstar Consulting mattwilson@brightstarconsulting.com www.brightstarconsulting.com Outline • • • • • • • • • Purpose Teasers What Is The Cloud? (Potential) Advantages of Cloud Services (Potential) Disadvantages of Cloud Services Considerations with Cloud Services Decisions to make with Cloud Services Q&A Cloud Services Purpose • To provide information about what the “Cloud” is • To provide ideas on how the Cloud can be used in business • To provide warnings on what to be concerned about when using the cloud • Not to scare anyone away from using the Cloud, but to provide pros, cons, and warnings so it can be used intelligently Teasers • HINT #1: If you use a computer the odds are that you’re already using the cloud whether you know it or not. • HINT #2: While you have to pay for many cloud services, many of them are free and available to your business today. • HINT #3: You can use the cloud a little piece at a time, and only need to use as little or as much as you want to. • QUESTION #1: Do you need the cloud for your business or personal life? • QUESTION #2: How do you use the cloud? What Is The Cloud? • “Cloud” has become a marketing buzzword that has lost almost all meaning • NIST does have a formal definition of cloud computing that some companies adhere to when referring to “The Cloud” • Working definition - Service or product that is available on or through the internet • What does it mean that something is in the cloud, or is cloudenabled? • The cloud changes things by offering new options and capabilities, but it does not completely change everything • Still have to consider things like security, backup / disaster recovery, usability, costs, and training • Sound business practices and ideas still apply • Industry and other regulations still apply, and can be even more important than with on-premise solutions What is The Cloud? • NIST definition of Cloud Computer http://www.thecloudtutorial.com/nistcloudco mputingdefinition.html (Potential) Advantages of Cloud Services • Do not have to buy a lot of hardware, software, or build an extensive infrastructure to use • Can be cheaper than "traditional" IT service – Consider all associated costs when comparing services (hardware, software, services, setup, training) – Consider pricing model of service you are considering • Easy to test different products till you find the one you like • Software often doesn't have to be installed, upgraded, or maintained, you only need to use a browser (Potential) Disadvantages of Cloud Services • Some services can only be delivered via the cloud • Many services require an internet connection to use them. – No connection, no service – Many of them require a fast internet connection • Can be more expensive than “traditional” IT since there is often a subscription cost – Consider all associated costs when comparing services (hardware, software, services, setup, training) • You are at the mercy of the provider when it comes to changes and upgrades, or whether the service will even exist tomorrow (this is especially true with free services) • You often only need to use a browser, software doesn't have to be installed Considerations with Cloud Services • There are many pending cases, rulings, and appeals working their way through the courts that could have a huge impact on “The Cloud” – Will warrants or subpoenas be necessary for law enforcement or other government agencies to access email or data in the Cloud? – Some rulings have held that information held by a third party does not require a warrant. – Will the provider fight on your behalf? – What can get you sued? • Be cautious with ad supported sites or services – Many ads are poorly written and will cause problems on your computer or in your browser that can cause software crashes or require a reboot – Some ads try to install malware, even if using a reputable sites – It’s the ad, not the site or the service that is the problem Considerations with Cloud Services • Avoid creating “islands of information” – Can lead to relevant data for something being scattered amongst multiple services – Can lead to manually entering and maintaining the same data in multiple services – “Traditional” IT has been working for years to reduce this unnecessary duplication of data and labor, but it's seen a resurgence with the advent of cloud services – Are different employees using different services to do the same thing, each with a different subset of your business data • If an employee starts using a cloud service, can you continue accessing the service or data when they are no longer working for you? Considerations with Cloud Services • If you are no longer using a service can you get your data back “out”? • What kind of support does a cloud service provide? • What happens when a cloud service disappears? – They go bankrupt and suddenly cease operations? – "Disaster" that takes them offline or makes them unavailable? – Assets seized under warrant, but now you can't get to your data • The cloud is no substitute for proper backups – Still need to plan for data backup and disaster recovery, and actually run data backups, not data synchs to a cloud service – Cloud services can provide many data backup needs Considerations with Cloud Services • How does a cloud service provider approach security? – Is it real security, or is it really security theater? – How do they handle "lost” or “forgotten” passwords? – Does having a password on your account actually protect your data? – Do they provide the option to use two-factor authentication? • Do they encrypt your data? How is the data encrypted? Who can decrypt it? – Trust No One / PIE (Pre-Internet Encryption (was PEE - Pre Egress Encryption)) – Can have a huge bearing on data governed by regulation, such as HIPAA – Do they actually know what they’re doing with encryption? Did they just make it up on their own? Considerations with Cloud Services • Local security becomes even more important – – – – – A Linksys or Netgear router is not a firewall Current antivirus software is essential, and should not do too much Web filtering should happen “before” your computer Which security services comes with you when you are "offsite"? What is your companies password policy for local computers and websites? – Who has physical access to computers and other equipment? • Using Cloud services doesn’t replace the need for local IT resources: hardware, software, services, planning, maintenance • What industry regulations govern your use of Cloud Services? – HIPAA – Sarbanes Oxley – Others Decisions to make with Cloud Services • Decide who makes the decisions about what cloud services will be used for your business, and who decides what data will be put up there – If an employee makes the decisions on their own, the business will still bear the consequences of a data breach or regulation violation • Decide what business or customer data you will put in the cloud • Decide who will manage the service and the data it has – Some services truly need an expert to manage them, but experts aren't required to use them • Just as with all business decisions get ahead of the curve and decide what you'll use, don't let it be forced upon you by circumstances or the actions of others, especially employees (unless it's their job to make those decisions) • Decide what you want to do and when – You don’t have to do it all at once, take it a step at a time – As will all IT plans, doing things piecemeal without a plan, or at least an outline can lead to huge problems down the road Q&A Cloud Services • Accounting – QuickBooks online (QuickBooks has their own offerings, as well as various 3rd-party offerings) • Antispam (can be considered a form of security) – Best antispam services are cloud services, locally installed software is pretty much worthless • • Spamsoap – www.spamsoap.com, Pay service Backup – Online backup can get expensive and be slow, generally best used to supplement a sound onsite backup strategy – Carbonite – www.carbonite.com, Pay service, generally does not back up full system, so make sure it can do what you need – GFI – www.gfi.com, Pay service – ShadowProtect – www.storagecraft.com, often requires an IT Pro to fully implement but well worth it for the right companies – Symform, www.symform.com, Freemium service, low cost even when you pay, excellent security, but can be quirky to setup and maintain, often requires an IT Pro to make setup properly • Business Collaboration – Microsoft SharePoint – can be run on-premise, or as a Pay service as part of Office 365 Cloud Services • Communications – – – – • CRM – – • This may be the best way for a small business to get into full-blown CRM software rather than merely contact management. While the technical costs are greatly reduced the business costs of planning and configuration are still there, as well as the need to be fully committed to using the service from the top all the way down. www.SalesForce.com – Pay service Email – – – • IM software of many varieties Facebook chat - Free Microsoft Lync – generally gotten as part of Office365 Microsoft Skype – Freemium service Google mail – Freemium service Microsoft Office365 – Pay service with many options, avoid P or M plans, get E plan Microsoft Hotmail / Outlook.com – Freemium service EMR – – – Different options depending on your branch of the medical related fields We generally recommend this when available, due to various costs when setting up security, reliability, backup, and maintenance. Increasingly a necessity due to various laws such as HIPAA or other regulations Cloud Services • File Storage / Sharing – – – – • Financial Services – – – • Be very careful with security, and use Two Factor Authentication whenever possible Online banking with numerous banks and credit agencies PayPal – www.paypal.com, some services are free, others are pay. An excellent way to supplement online services from your bank, as well as to send invoices and collect payments online., especially if volume is low. If used properly can avoid many of the hassles of PCI compliance. Graphics Software – • Be very careful with this category of software. It is very easy to expose yourself to risk or liability, or violation of industry regulations. Proper security is also often a problem. These are excellent tools for sharing files with the public Dropbox – www.dropbox.cm, Freemium service Microsoft SkyDrive – www.SkyDrive.com, Freemium service Adobe Creative Suite Cloud – Pay service, can be a good way to get the latest Adobe software "Note-taking" Applications – – Evernote – www.evernote.com, very popular and powerful software, especially designed to run on smartphones and tablets, but be careful what you put up there as the encryption is very weak Microsoft OneNote – free with many smartphones and tablets, otherwise get it as part of Office or Office365.- Works with Mac as well as Windows – Early notes for this presentation were done using OneNote on a smartphone before it was all transferred into PowerPoint Cloud Services • "Office" software – Google docs – some versions are Free, others are Pay – Microsoft Office365 (only get E plans, not P or M) – many, many options, including Office software, email, communications, collaboration – Microsoft Office WebApss – Free service, basic versions of Word, Excel and other applications, not as full featured as the “regular” versions. A version of them is also available with Office365. • Password Management – Strongly recommended from both a security standpoint and a business management point of view. “Advanced” services can also allow managing and controlling the passwords available to multiple employees, meaning you have control over these increasingly important assets. – Lastpass – www.lastpass.com, Freemium, with two tiers of pay, allowing for personal password management and business password management. If a business chooses this they should choose the “Enterprise” version • Phone services – These services allow you to have the benefits of a full y featured phone system without installing one. You do need enough internet bandwidth to support the additional load, and generally need to buy phones that are compatible with the system – Ring Central – www.ringcentral.com Cloud Services • Remote Control / Remote Support – – – – • RMM – – – – • A class of software generally used by MSP providers, this software/service allows remote monitoring, maintenance, and support of computers and servers. Nearly all solutions alike this include some form of remote control solution. These services usually require IT support to install, configure, and monitor, though some things can be done by non-technical people GFI – www.gfi.com Kaseya - www.kaseya.com Microsoft Intune – related to Office365 Search – – • There are various solutions that allow someone to remotely control a computer, either to get work done, or to facilitate technical support. Very useful and powerful, but be aware of costs, security considerations, and potential conflicts that each of them has. Most solutions have clients that can make the connection from a smartphone or tablet. LogMeIn – www.logmein.com – Pay Service TeamViewer – www.teamviewer.com – Pay service Remote Desktop Connection – free with Windows, requires network configuration to use, often will need IT support to configure properly Bing Google Security / Antivirus – – – – Especially important when using cloud services. Make sure that the solutions you use automatically keep themselves patched and updated, and do not require a manual installation process to get the updates. Unless the software is centrally managed this eliminates most antivirus soluations on the market Microsoft Security Essentials – www.microsoft.com/security-essentials, Free software to home users and small businesses up to 10 PC’s. Not centrally managed but an exceelent choice for most people Vipre – www.vipreantivirus.com, Pay service, one of several centrally managed solutions, offered in some MSP plans OpenDNS – www.opendns.com, Freemium service, one part of their pay service includes extensive antimalware protection that is not possible in “traditional” antivirus software Cloud Services • Social Media – – • Software update services – – – – • This kind of service is great for not only maintaining a computer, but keeping it secure. Ninite – www.ninite.com, Freemium service, can be very helpful for installing and maintaining software on Windows, Mac, and Linux. Pay versions can automate this process and do other sophisticated thing Secunia – www.secunia.com – Freemium service. Generally used for checking if a computer is secure or patched, the pay versions can add increasingly powerful and complicated options that are best handled by an expert Windows Update – Usable with Windows, this is the bare minimum that is needed, and does need to be kept up with1 Two Factor Authentication – – – – • FaceBook LinkedIn AuthAnvil – www.scorpionsoft.com, generally used with on-premise servers, limited use with the cloud Google Authenticator – most common on smartphones Microsoft Authenticator – can be used in the same places as Google Authenticator Yubikey – www.yubico.com, used with many cloud services, even works with AuthAnvil "Web" filtering – OpenDNS – www.opendns.com – Freemium service, this is it’s most commonly recognized purpose, and it included in all free and pay levels.