COVID-19 & the Sudden Shift to Remote Work
As COVID-19 forces employees to practice social distancing, or even to self-isolate or shelter in place, the ability for employees to work remotely has gone from a luxury to a necessity. However, pivoting quickly to a mostly or fully remote workplace isn’t an easy task, and brings with it unique costs and infrastructure requirements.
The Infrastructure & Costs Required to Effectively Support a Remote Workforce
Your team can only remain productive if they have the tools they need to do their jobs effectively. However, though your employees may be set up for success at the office, you will likely need to make a few infrastructure changes if your company isn’t already set up to support remote work. To help your company transition, and keep your digital assets safe both during and after the shift, you may want to consider consulting with your MSSP (managed security services provider).
If your employees mainly rely on desktops to complete their work, you will either need to permit them to bring those computers home temporarily or provide them with laptops. Laptops are significantly more portable and require less physical space than their desk-bound counterparts. This is particularly beneficial for employees who don’t have home offices and are likely going to find themselves working from their kitchen tables or another mixed-use space.
Secure Connections & VPNs
Having employees work from home means they will likely need to access company resources (such as internal networks or sensitive files) remotely. To help safeguard your company’s digital assets, you may want to consider providing your employees with secure connections or VPNs.
For more information about secure connections and VPNs, as well as tips for safeguarding your digital assets while employees are working remote, please read our blog post: COVID-19 Demonstrates the Power of Remote Workplaces (But Those Are Not Without Risks).
Leveraging the Cloud
The cloud is, by design, great for supporting remote work. It allows multiple users to access documents simultaneously, cutting down on the unnecessary emailing back and forth and helping ensure all users are referencing the most up to date documents. Programs such as Google Drive can support a wide variety of cloud-hosted documents, including word processing documents, spreadsheets, and PowerPoint-style presentations. You can also easily upload existing documents and files and specify whether the people you share documents with have viewing, commenting, or editing privileges.
For more information about what the cloud is and learn more about its benefits, please read our blog post: Cloud Isn’t the “Future”; It’s the Now.
The most efficient teams are the ones that communicate frequently. To help your team stay engaged and connected while everyone is working from home, you are likely going to have to rely on video conferencing apps (such as Google Hangouts, Skype, Microsoft Teams, or Zoom) as well as workplace instant messaging apps (such as Slack).
Video conferencing is great for meetings as well as getting some face-to-face time with your team, while instant messaging apps are better for quick questions and the more casual conversations that used to happen around the water cooler or in the break room.
Video conferencing is also great for morale and staying connected on a more emotional level. Scheduling teamwide “lunch dates” or morning check-ins can be a great way to keep spirits up and maintain team cohesion while also letting your employees know that you care about them and are here to support them.
To help support businesses during the pandemic, many video conferencing companies are offering their products for free or at a reduced cost.
Reliable Home Internet
Employees are going to require reliable, high-speed internet to help them stay connected and access the cloud. While most employees likely have internet connections that are robust enough to support applications such as video conferencing, you should have your managers touch base with their teams to ensure everyone has the tools they need to succeed.
Depending on how much of your current infrastructure needs to change, the costs to pivot quickly may be substantial. If you weren’t planning on investing in your infrastructure to support remote work (and therefore didn’t account for it in your annual budget), the costs of this sudden pivot might be compounded if your organization is currently facing reduced profitability in the short term.
Shifting to Remote Work Can Help Future-Proof Your Business
By investing in your organization now, you can not only support your workers during this pandemic but also help future-proof your business. Though the up-front costs are certainly something to consider, remote work has many proven benefits both for employees and employers. These include increased productivity, improved performance, increased engagement, and higher job satisfaction rates. All of these benefits can, in turn, translate into higher profits in the long term, even if your bottom line is currently taking a beating.
Depending on how much of your workforce you allow to continue to work remote once the pandemic is over, you may also find that having fewer employees in the office at one time means you can reduce operating costs by taking steps such as moving to a smaller office.
Being able to support remote work effectively also means you can draw from a wider talent pool and attract workers that are either unable or unwilling to relocate for work. Offering a more flexible working arrangement can also help you attract top-talent with little to no additional costs once you have made the necessary adjustments to your current infrastructure.
Not all IT professionals can be experts at everything, and that’s okay. If your current IT department is feeling overwhelmed an experienced MSSP can help.
Technology is continually changing and evolving, creating new and innovative ways to conduct business. While many of us may still think the cloud is some futuristic concept, in reality, it’s already here and has been for a while.
What is the Cloud?
At its core, the cloud is a collection of web-based applications. Instead of purchasing a program, installing it on your computer, and running it locally, the cloud allows you to remotely access programs using the internet. Instead of running on your machine, these programs are run on large, high-tech servers. Chances are you are already using the cloud; you just might not know it yet.
An excellent example is Google Docs. Even just a few years ago, if you wanted to create a text document, you would likely open up Microsoft Word. That meant that if you wanted to start on a document using your desktop at work, then review it at home later you would have to either save the document to a USB drive and physically bring it home or email it to yourself, make any changes, and then either resave the edited document to your USB drive or re-email it to yourself.
Google Docs works a lot like Microsoft Word, but the documents you create are stored on the cloud, not your local machine. That means that if you start a document on one computer and then switch to another machine, you don’t have to bring your document with you. Instead, you simply log into your Google account from the new machine, access your Google Drive (where your Google Doc is stored), and continue working. This also means that multiple people can view, comment on, and edit the same document in real-time from different locations.
What Are the Benefits of Using the Cloud?
The cloud has many benefits beyond conveniently sharing and editing documents that update in real-time.
No Special Software
Before the cloud, if you wanted to use a program, you would need to purchase and install specialized software to do so. Now, all you need is an internet connection and an account. This makes it easy to work remotely, either from home or while away on business, and ensure that everyone is working with the most up to date version of each document or item.
It also means that you, and your company, can easily access a variety of more specialized programs without the need to physically purchase and install them.
No Data Backups
Since your data is stored remotely on a server, instead of on your computer, you don’t need to worry about backing up your data. The company that runs the servers handles all of that for you, freeing you, your staff, and your physical resources up for other tasks and lets you rest easy knowing that if an incident occurs at your organization, your data is protected.
Purchasing and installing computer programs can be both costly and time-consuming. While some cloud-based programs require monthly fees to access, these are still typically less expensive than purchasing the program outright would be.
Cloud-based programs also require less IT support from your company since you don’t need to pay a professional to install software or network computers to a server, and any problems with the software are handled by the company that provides it, not your IT personnel.
The cloud also allows employees to work remotely more effectively, which can cut down on your infrastructure costs by reducing the amount of office space your organization requires. It also means that you no longer require brand new computers almost every year to support the latest software, since even older models can easily access cloud-based programs.
One of the most important things you can do from a cybersecurity perspective is to ensure all your software is up to date. With cloud-based software, the company that created and maintains the software handles all updates for you, freeing up employees for other tasks.
Using the cloud means that your organization can quickly and easily scale your operations or storage needs up and down depending on your current situation. Any new software or upgrades can be accessed quickly and easily, and may not even require upgrading your account.
Storing your data in the cloud means that if something happens to your office, such as a fire or a power outage, you can more easily resume normal operations. Data on the cloud remains safe and secure, and can easily be accessed remotely if necessary.
Increased Cybersecurity – If You’re Prepared
A type of malware called ransomware (such as the famous Wannacry and Petya ransomware attacks) targets companies by encrypting their data and holding it hostage until the ransom is paid. Unfortunately, too many organizations are forced to cave because they don’t have proper backups of their data, and they can’t continue with normal business operations while their data is inaccessible. Storing your data on the cloud drastically reduces the effectiveness of ransomware attacks targeting your specific organization.
However, though the cloud has many benefits, it also brings with it unique cybersecurity considerations that you should discuss with your Managed Security Services Provider (MSSP). Your MSSP can help you identify potential vulnerabilities and address them effectively to safeguard your cloud-held digital assets better.
The cloud has already changed how we work, streamlining a lot of processes, making it easier to adjust our storage and operations quickly to better suit our needs, and making collaboration easier than ever. Though it has brought with it new cybersecurity concerns, these can be safeguarded against, and their potential impact mitigated, with flexible, robust, and tailored cybersecurity solutions.
Another day, another high profile “bleed” incident has hit the headlines. Following shortly behind recently discovered F5 bug “Ticketbleed” (CVE-2016-9244), Cloudflare, a popular internet services company best known for their CDN (content delivery network), announced last week (on 2/19) a bug that leaked memory contents all over the internet. Cloudflare quickly rectified the issue hours after it was discovered, and then posted a detailed technical explanation on their blog about the root cause (https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/).
Never heard of Cloudflare? They’re the front-end for popular websites such as OKCupid, Uber, FitBit, and many others. Over 2 million websites use its platform and it handles 10% of the world’s web traffic.
Even though traffic to the major websites affected encrypted via HTTPS theoretically making it secure and safe from eavesdropping, any “bleed” incident allows attackers to extract contents from memory, which is not encrypted. Therefore, passwords, private messages, photos, credit card and social security numbers, anything and everything can be scraped and recovered. Website cookie data was also exposed and leaked. This is particularly concerning due to many websites significantly lowering security barriers when cookie data is detected. A cookie identifies you to the website as a person who has previously authenticated and therefore, is more likely to be legitimate, thereby bypassing security questions or even skipping login pages altogether.
In the case of a bleed incident, it is ironic that the “bad actors” were the search engines themselves – Google, Yahoo, and Bing – as they automatically and continuously scan and cache websites, inadvertently storing compromised memory contents and allowing anyone to access them. This was the precise mechanism by which this bug was discovered; a security researcher at Google discovered Cloudflare’s RAM contents cached by Google. Fortunately, since the website leak, Google and most major US-based search engine are now cleaning caches containing leaked data. However, users are still advised to change passwords on websites hosted by Cloudflare because private data may have been captured by third parties that have weaker ethics than the likes of Google.
As a user, what should you do as a response? Incidents like this stress the importance of using unique, randomly generated passwords for every site (stored by password managers). Therefore, if an attacker were to acquire your Uber credentials, they can’t use the same password to login to your back account. Secondly, adopt MFA (multi-factor authentication) wherever possible. Even if your password is compromised, unless attackers physically steal your phone (or whatever secondary authentication device is required), sensitive data remains secure.
As a society, breaches like this highlight several interesting facts. Firstly, it brings to light just how few people understand the underpinnings of the internet. Most people have no idea what a memory leak is (and how dangerous they are), or have even heard of firms such as Cloudflare, which just happens to be an internet behemoth.
Secondly, it demonstrates the fragility of an Internet reliant on a very small number of major companies to maintain its smooth operation. Humans aren’t infallible, and when coding under strict project deadlines, mistakes are bound to happen. It’s unfortunate if there’s a bug in your code and your website is compromised; it’s a major ordeal when a single bug causes over two million websites to be exploited.
Lastly, how many compromises or outages like this need to happen for businesses to realize that they should heavily consider the potential ramifications of hyper-centralization of vital online infrastructure? Ironically, there is really no incentive for anyone to do anything about this, because it provides a kind of perverted safety in numbers: “It’s not just our website that had this issue, it’s everyone’s shared problem.” The same principle applies to large scale IaaS providers such as AWS and Azure. Two recent examples of this include the large Amazon S3 issue which affected a significant portion of websites and web-based applications on Tuesday and the Dyn DDoS attacks a few months prior. So, what do you do you might ask. One step is to better understand the risks of using a specific provider, have a contingency plan when service interruptions, data breaches, bugs do occur, and have the resources and partners that you trust to have your back. To protect yourself in today’s environment knowledge and prevention is the first step to truly living with confidence in your business.
Written by Chad Schamberger, Director of Engineering- VirtualArmour
40 percent of North American business-critical applications are in the public cloud*, whether it is file storage, a communications application, or full blown IaaS. These strategies are attempting to address one common theme, increasing productivity of your employees and reducing costs associated with running these services on your own. Especially for small to medium businesses, hiring IT professionals is usually not a part of a business plan, these services are crucial to operating at the level of your competition. Cloud usage must be a part of nearly every single business large and small but do the risks out weight the rewards?
You probably ask yourself is the cloud more secure? Is my information and IP better suited to rest and operate in the cloud? Some say cloud service providers are better suited to provide security controls as it is their business and it is inherent to their high standard of operations. More than half of cloud applications, including all the mainstream providers, follow industry security standards, so your data likely rests in a secure environment. Others argue that, although cloud services may be inherently good at keeping your data safe, it doesn’t mean that your data isn’t potentially malicious to your users.
Let’s dive a bit deeper into the last argument. A cloud storage provider has done a valiant job at protecting your data and providing access control to properly authenticated users. In your eyes, and the provider’s, you’re operating in a compliant cloud storage environment. What about my trusted users? How do I protect against intentional or unintentional malicious employees? For example, a Drive Sync, a feature where a folder can sync data from the end-point to the cloud and vice versa. Drive Sync, your best friend and your worst enemy, exponentially increases the attack surface associated with cloud storage providers. Only one end-point needs to be compromised and it could potentially spread to your entire organization.
The typical stance is not if, but when, will I be a part of a data breach. Does utilizing cloud providers increase my chance of a breach? The answer is likely yes if you don’t approach with the same process as you would with any other business critical application.
Per a report released by Netskope*, 34 percent of organizations have malware in their cloud applications and don’t know it. 57 percent that do scan for malware in their cloud apps found it. So we know that there are already methods in place for attackers to leverage these services, the decision you have to make do the risks out weight the rewards? There are plenty of mechanisms out there to safely adapt cloud services, and the benefits are too useful to ignore. The only way to properly address cloud adoption is use the same processes you would building them on your own. Know the apps you have, control their usage, protect your most sensitive data, scan and remediate threats.
Vancouver, B.C. – (June 8, 2016) VirtualArmor International Inc. (“VirtualArmor” or the “Company”) (CSE: VAI) is pleased to announce that it is expanding its sales team to meet the heightened demand for cloud offerings and managed cybersecurity solutions.
“With the need for cybersecurity solutions continuing to rise in the U.S. and internationally, our Company is doubling its sales organization to include additional personnel to meet the growing demand of North American enterprises that are looking to strengthen their security posture,” said Matthew Brennan, Vice President of Sales at VirtualArmor.
The new professionals will be responsible for driving sales efforts in Seattle, WA, Portland, OR and the Bay Area, CA. Both the Pacific Northwest and the Bay Area are known for their innovation.
“Enterprises of all sizes are seeing a great value in working alongside a managed security services provider. The majority of these organizations don’t have the staff, experience or knowledge to effectively monitor (24x7x365), manage and maintain their network,” continued Matthew Brennan. “The mission of our expanded sales force will be to drive revenue in areas of the U.S. that we haven’t been focused on and more importantly have had no sales or engineering presence in the past.”
VirtualArmor is a cyber security company that delivers solutions to help enterprises build, monitor, maintain and secure their networks from cloud to core. As a managed security services provider, VirtualArmor’s services run 24 hours per day, 7 days per week, 365 days per year through its primary security operations center (“SOC”) located in Middlesbrough, U.K. and a secondary SOC located in Salt Lake City, Utah. Each member of VirtualArmor’s team supports the three main facets of its business: managed services, professional services, and hardware sales, by handling the design, configuration and installation of advanced network and cloud architecture solutions. VirtualArmor uses best-in-breed partnerships to provide solutions for customers that are affordable, highly reliable, scalable, and backed by thorough knowledge of the related technologies, products, and platforms. VirtualArmor has secured partnerships with established technology businesses specializing in network appliances, software, and systems and provides its services to the mid- to large- enterprise and service provider markets. VirtualArmor customers include a 13-location data center provider, a Fortune 100 oil and gas company, multiple service providers with presences throughout the United States, and household name enterprise organizations located primarily in the western United States. Further information about the Company is available under its profile on the SEDAR website, www.sedar.com, on the CSE website, www.thecse.com, and on its website,http://www.virtualarmor.com.
President and CEO
Investor Relations Contact:
This press release may include forward-looking information within the meaning of Canadian securities legislation. The forward-looking information is based on certain key expectations and assumptions made by the management of VirtualArmor. Although VirtualArmor believes that the expectations and assumptions on which such forward-looking information is based are reasonable, undue reliance should not be placed on the forward-looking information as VirtualArmor cannot provide any assurance that it will prove to be correct. These forward-looking statements are made as of the date of this press release and VirtualArmor disclaims any intent or obligation to update publicly any forward-looking information, whether as a result of new information, future events or results or otherwise, other than as required by applicable securities laws.