Shadow IT and Data Governance

Computers are tools that no business can operate without. From the simplest of organizations to the largest of corporate enterprises, computers are the tools that enable the work. Yet business IT often operates without enough thought or attention paid to data access and governance, where applications or services are installed or implemented by non-technical users that don’t always understand the implications of their actions. IT isn’t just about computers and servers, routers and switches. It’s about the user environment, workflow, data, security, applications, infrastructure and more. The resources which provide the foundation for whatever it is the business does – this is the area of IT. 

When businesses need to implement new applications, IT must install or secure or protect the solution. When a business needs to set up databases or analytics infrastructure, it is in the realm of IT to provide those resources. Very little happens in a business without the support of information technology. 

Too often, small and growing businesses minimize the importance and strategic value of closely managing their information technology when it comes to building longevity and reducing risk in the organization. IT departments and MSPs face a constant struggle to keep up with demand while fighting a battle against ungoverned expansion of applications and services in use.  

According to Wikipedia, “Shadow IT refers to information technology systems deployed by departments other than the central IT department, to bypass limitations and restrictions that have been imposed by central information systems. While it can promote innovation and productivity, shadow IT introduces security risks and compliance concerns, especially when such systems are not aligned with corporate governance.” 

When a business elects to implement a solution outside of the existing IT environment, or in the current environment but without consideration of implementation standards or resource availability, it reduces the time-to-benefit of the solution and new risks are introduced. Additional costs may also accompany this activity due to requirements to buy more infrastructure to adequately support the solution, or through closing gaps exposed in an improperly secured deployment. 

Noobeh helps businesses manage and protect their IT environment more efficiently, providing the change control and governance needed to turn IT into a strategic business advantage.

Mendelson Consulting’s cloud services team powered by Noobeh has the experience of helping businesses establish a solid foundation suitable to support business sustainability, improvement and growth. Leveraging the security, flexibility and massive scalability of the Microsoft Azure cloud platform and Microsoft 365 Fabric and framework, Noobeh helps businesses improve their infrastructure, reduce IT break/fix and administrative costs, and take advantage of the power and interoperability of the Microsoft technology stack. Noobeh helps businesses keep their systems managed, protected, and ready to handle whatever comes next.

Whether it is migrating applications from on-premise to cloud, providing remote support and management of computers and devices, licensing and administration of Microsoft 365 services, or setting up database, data warehouse or data lake infrastructure for analytics and AI, the Noobeh cloud team at Mendelson Consulting deploys and supports strong foundations for growing organizations. 

bunny feetMake Sense?

J

Cybersecurity and Small Business

Small businesses face many challenges as they grow and expand, and chief among them is the growing threat of cyber-attack. As the company grows, its value to cybercriminals grows, too. Implementing comprehensive cybersecurity measures is essential to maintaining customer trust and safeguarding important business data against these threats.

There is a belief among small business owners that their operations are too small or insignificant to be attractive targets for cybercriminals. Cybercriminals, on the other hand, more often view small businesses as easy targets. Why is this? Largely because the bad guys know that the smaller companies aren’t spending on cybersecurity services and tools and aren’t always keeping their workers informed about ways they can participate in keeping things safe.

To help protect the business from cybersecurity threats, it is crucial to invest in some key security measures. Longer and more complex passwords, regular software patching and updating, and periodic training for employees on how to identify phishing attempts and what to do with suspicious emails is a good start. Cybersecurity efforts should scale with the business, and this requires strategic planning that is aligned with the goals and objectives of the business.

The best cybersecurity approaches are built on a secure foundation, and this is what helps to support business growth and expansion. For every business, there are four cornerstones of a solid cybersecurity foundation.

  • Identifying potential cyber threats and understanding the business risk they represent.
  • Enforcing strong password protection and role-based access controls.
  • Following best practices in cybersecurity.
  • Managing documentation and vital business information securely.

Cybercriminals know that smaller businesses generally have limited cybersecurity resources, making small businesses prime targets for phishing and malware. What is the potential impact of falling for a phishing email, or what happens if there is a ransomware attack? Each type of threat carries different levels of risk, and growing businesses should be aware of the potential financial, legal and reputational impacts when evaluating their approach.

Businesses can help their users become part of the cybersecurity plan by regularly training them on phishing methods and ways to avoid ransomware or malware. When users know more about emerging threats and how to recognize and report suspicious things, they become valuable assets in the improvement of cybersecurity of the business.

The first line of defense in cybersecurity is the username/password challenge. Many systems today use an email address as the username or user ID, which means it really isn’t much of a challenge to guess. This leaves it to the password to keep the account secure, so a strong and unique password is necessary.

Making another challenge to the authentication adds another layer of protection to the account. Referred to as 2FA or MFA (two-factor authentication or multi-factor authentication), users may be required to respond to an in-app message, provide a code received via SMS or other, or provide a code from an authenticating application to satisfy the login requirements. This additional challenge to the user identity makes it harder for cybercriminals to gain unauthorized access.

Ensuring the protection of sensitive business information requires controlling what users have access to once they are in the system. If someone were to gain unauthorized access, having appropriate role-based access controls in place would limit their ability to get sensitive data. This is often another area of vulnerability for smaller businesses that don’t implement strict document controls or structures, opting instead for an open self-service model that leaves data available to whomever can get logged in.

With businesses changing frequently, it is important to not just create a framework to limit user access, but to keep user and role-based access reviewed and updated regularly. Software and systems also need to be updated regularly. Known software vulnerabilities should be patched and security updates installed on devices, and policies enforcing updates and antivirus/malware detection should be implemented.

We understand that businesses must enhance their cybersecurity strategies to combat the growing number and type of cyber threats, and it can be challenging just figuring out what to do first. Working with a variety of technologies and specialists, we can help secure your digital environment and keep you better-protected from the bad guys.

jm bunny feetMake Sense?

J

Cybersecurity and Retail Should Always Go Together

Retail cybersecurity is a critical concern for every business in the retail industry, which is why cybersecurity and retail should always go together. Retailers are prime targets for cyberattacks due to the valuable customer data they collect, which usually includes personally identifiable information (PII) and credit card numbers. Retailers can handle large volumes of customer data, which becomes an attractive target for cybercriminals seeking to profit from selling it on the dark web.

Recent statistics from various sources suggest that more than 24% of cyberattacks specifically target retailers, making it one of the most heavily targeted industries. Roughly one third of retailers cite cybersecurity concerns as their primary obstacle in transitioning to e-commerce, with cost and technology barriers coming close behind.

For the bad guys, however, it is all about the money. Almost all retail cyberattacks are driven by financial motives. When consumer data is compromised, most of the information exposed consists of payment information and personally identifiable data which can fetch a good price on the dark web.

Retail cybersecurity threats occur because the environment tends to have a lot of elements. The hybrid nature of many retail businesses introduces additional risk, where brick-and-mortar stores are combined with e-commerce platforms and services.

NFC (Near Field Communications) vulnerabilities exist in some payment systems, and many Point of Sale (POS) systems still do not use point-to-point encryption for their communications. Even if communication streams are encrypted, it makes little difference if the software has known vulnerabilities or if insecure plugins or add-ons are being used.

Cloud-based storage and mobile apps increase the presence of stored data online, which increasingly leads to new threat vectors like cloud-based botnets and more.

The key is for businesses to prioritize security and invest in platforms and solutions that will help protect customer and business data. Critical in this effort is the implementation of IT best practices in regularly updating operating system and application software, limiting the access users have for installing or modifying software on their devices, and always monitoring the systems for vulnerabilities.

Like cybersecurity and retailers, Noobeh and secure IT go together. We help retail and other businesses proactively address cybersecurity challenges so they can protect both their business and their customers. Noobeh cloud services helps retailers secure their business servers and systems, delivering scalable, high availability and highly agile solutions that keep business and finance operations running.

Noobeh provides services for Microsoft 365 and Microsoft Azure platform and deploys solutions for manufacturing, inventory management, multi-channel commerce, EDI, financial and more. Get together with Noobeh and find out how we can help your business operate more securely and with better, more agile and resilient IT.

jm bunny feetMake Sense?

J

Prey or Empowered? Small Businesses and IT Security

Now more than ever, small businesses need to be vigilant with their information technology security. Small businesses may not be the big fish in the sea, but there are plenty of them out there to catch. Small businesses tend to make the best targets because they often fail to perform security audits, they may not be willing to invest in the resources needed to protect themselves, and they frequently don’t even carry the right insurance coverages. To hackers, small businesses are easy prey.

“Don’t think you are too small to be affected,” says Erik Knight, the founder and CEO of SimpleWAN. “Every place you have an employee or office is a potential entry point. Take it seriously; if you have something worth taking, a hacker will try to take it.”

https://www.forbes.com/…

There are a few things every business can do to improve the security and privacy of their data. It isn’t an option any longer; these are essential elements in an overall security strategy that can make the difference between staying in business and not.

Use strong passwords, not easy-to-guess words, phrases or sequences (1234 is not a strong password). Passwords should be unique, more than 8 characters in length, and have a mix of numbers, letters, and special characters.

Keep software updated. Whether it is the operating system on your computer or the software you use to write letters, having up-to-date software matters. Developers don’t just upgrade software to fix bugs or introduce new features; software often gets updated because of security issues or vulnerabilities.

Keep networks and connected devices secure to make sure that the computers and connections aren’t introducing weaknesses into your system. Not only are password controls and software updates needed, but firewall security and good anti-virus/anti-malware solutions are also a must. Keeping an eye on the server matters, but the connecting points and end points are where many vulnerabilities exist.

Set up two-factor or multi-factor authentication to further secure logins. 2FA and MFA is like having ID besides just your driver’s license to prove you are who you say you are. Your password, like your DL, is just one factor; you need one more thing to prove your identity for 2FA, like a code from your phone or maybe your fingerprint. The point is that there should be more than just a username and password to access important data.

Restrict use of personal email or social media on work devices. This gets a little trickier with smaller businesses, as many don’t or can’t support providing users with all company-owned devices. There are tradeoffs to allowing users to bring their own devices (byod) versus using company-owned devices. When mobile devices are part of the mix along with desktop and portable computers, it becomes even more complicated and the risk potential increases.

Use encryption for data in transit and data at rest. Encryption is like scrambling the data and then unscrambling it when you access it. In transit, data may be encrypted by a VPN so that it is protected over the wire (in motion) as it is sent and received on the network. RDP is also encrypted, but this remote access method’s main purpose is to keep the data from leaving the server in the first place. At rest, like when it is sitting on a hard drive or other storage location, data can also be encrypted. To open the file or file system, you need a key to decrypt it.

Keep all data backed up and create a way to rapidly recover your server and systems in the event of failure or compromise. Backups are great right up until you find they are as damaged or unrecoverable as your main system, so make sure to have a policy of testing your backups periodically. There are many ways to back up and protect your data, including external drives and cloud storage. If data gets lost or corrupted, you want to be able to restore it from a backup. Regularly audit your backup and data security practices to help identify weaknesses that make the business vulnerable.

Educating employees on the importance of cyber security is among the most important steps a business can take to protect itself. Keeping passwords secure and secret, knowing how to spot a phishing email and what to do and not do with it, not clicking on suspicious links in emails, not sharing personal or confidential information online, and what to do in the event of a breach are all things that should be regularly discussed with workers and supported by written policies.

Managed Azure cloud servers from Noobeh help you keep your business information more secure. Our services demand high levels of security and privacy, and we help our customers keep their data and systems safer and more secure by handling some of the requirements for them.

  1. Strong password policies and MFA is our standard setup, and software updates and patching are part of the service.
  2. Working on the cloud server keeps data on the server and not traversing the network or downloading to individual PCs, so information stays secure and separate from whatever a user runs on their local devices.
  3. Data on the Azure virtual machines is encrypted at rest, and additional encryption is available to add more layers of protection. Data in motion is encrypted, but very little data actually traverses the wire.
  4. Servers and data are backed up regularly with snapshots and file level backups, allowing for simple file restores as well as comprehensive system recovery.

For small businesses, Noobeh has the solution for creating a more secure and better protected IT environment where applications and data can be available to those who need them without compromising the investments already made in training and process development. Moving software and data to a private cloud server allows companies to continue using the software they rely on, just in a better way. Instead of being easy prey to hackers, our customers benefit from higher levels of IT administration, management and protection that empowers them to work the way they need to – any time, anywhere.

jm bunny feetMake Sense?

J

Controlling SaaS Inflation

The cost of everything is going up, and that is as true for businesses as it is anywhere else. From office space and salaries to vendors and suppliers, everything is hitting the bottom line harder than before. For businesses invested in online application services and Software-as-a-Service solutions, the rising cost of usage is outpacing other expense categories at a fairly high rate.

Consider that many small businesses start with whatever is cheapest and easiest to use, which usually means a web-based solution. From there, the business cobbles together it’s IT by using a variety of applications and services and eventually ends up with a tangled web that can be difficult to straighten out.

Even larger enterprises find that shadow IT implementations and web-based application services make their way into the mix, costing companies greatly through unmanaged subscriptions, lack of vendor management, and missed opportunities for consolidation of resources.

Covid and remote work requirements fueled a lot of the growth in SaaS adoption as businesses implemented solutions and services to support a distributed workforce. Leaving millions of square feet of office space unused while at the same time investing in remote and mobile work, businesses have had a hard time of it.

According to an article on CFODive, “Software inflation has remained “stubbornly high” this year at a rate of 8.7% — more than double the inflation rate as measured by the consumer price index in the U.S., according to research conducted by London-based Vertice, a software-as-a-service and cloud spending management company.”

In 2023, SaaS inflation increased by 8.7%, meaning the same unchanged set of SaaS products will cost businesses significantly more than it did a year ago.

Vertice.one SaaS Inflation Index report


The Vertice report indicates that sales software, finance software and productivity tools represent categories of software that saw inflation rates of over 10% as compared with 2022. Another uncomfortable reveal from the report is that most software companies simply hiked their prices, and in some cases, they hiked them up a lot (23% increases, for example). The rising cost of Software-as-a-Service, referred to as SaaS Inflation, is a lot higher than with other products.

Part of the problem may be the global nature of online application services and SaaS companies. Costs of operations and the pricing of the product may be consistent across geographies, yet different regions will experience inflation in costs of other goods and services based more on regional factors. The result is a SaaS inflation rate higher than the consumer inflation rate. Yet even in areas where the SaaS inflation rate seems to be more in line with consumer inflation, it’s still a lot higher than many other categories of products and services. Only food and beverages compete at similar levels of price inflation.

Another part of the equation is the value for the dollar. Everyone knows that a dollar today buys less than it did last year. At the grocery store, this shrinkflation is obvious when an item is now more expensive, and you get less for the same price. With SaaS, the shrinkflation may not be quite as obvious. License packages change, features are introduced (or removed), and the value to the customer can change dramatically over time while the rates simply increase.

There are some important steps a business can take to minimize the impact of SaaS inflation, and it all starts with knowing what you have and how you use it. Reducing or eliminating shadow IT and implementations outside of general governance, consolidating vendors and licensing, and reducing redundancy in functionality and process support are key areas to focus on to control the spend.

Mendelson Consulting has experienced consultants that can work with your business to understand your needs and evaluate your options, helping to find the right solution for the problem while minimizing sprawl and spending.

Whether you rely on Software as a Service, Infrastructure as a Service, or any other -as a service solution, the Mendelson Consulting and Noobeh cloud services teams can help you do more with your investment.

jm bunny feetMake Sense?

J

Is Your Business IT Ready for Industry 4.0?

Over the past several hundred years there have been trends which revolutionized industry and manufacturing around the world… steps taken in an industrial revolution which advanced the evolution of civilization and life as we know it. The first revolutionary phase was combining mechanization with steam and waterpower, and the second was the combination of mass production with electricity. The third was the rise of electronics, IT systems and automation. We are now at the start of the fourth phase of industrial revolution.

PwC’s Insights suggests that Industry 4.0 “refers to the fourth industrial revolution, which connections machines, people and physical assets into an integrated digital ecosystem that seamlessly generates, analyzes and communicates data, and sometimes takes action on that data without the need for human intervention.”

This next phase advances on concepts introduced through digitization and connected frameworks, tying in the industrial IoT (Internet of Things) and smart manufacturing. This meshed model relies on interconnectivity of systems, lots of automation at high levels, machine learning and AI… all collecting and generating data in real-time.

Where physical operations and production join with smart digital technologies, big data, and machine learning, businesses can forge systems which focus directly on manufacturing and supply chain management, gaining new insights and getting actionable data at all levels.

Virtualizing physical resources and digitization of analog data is now coupled with improved access to and management of the platforms. Rather than building out on-prem physical servers and systems, businesses are finding that the agility, scalability, and fault-tolerance of the cloud is necessary when designing an operation that connects, communicates and collects data, performs intelligent analyses, and potentially acts without people getting directly involved.

Every company is different, but all face a common challenge — the need for connection and access to real-time insights across processes, products, and people.

The consulting team at Mendelson Consulting and our NOOBEH cloud services group know how to get businesses in the best position to implement the tools and services that will propel the operation forward. From the most popular and powerful small business financial software to cloud platforms which enable connectivity in applications and workflows, we understand what it takes to help small businesses transform.

jm bunny feetMake Sense?

J