Posts

Posted on

Contrary to What You Learned in Grade School… Sharing is Bad, Okay?

There is a place and time for sharing. Share your color crayons, share your toys… share your feelings with those you love. But when it comes to business technology and infrastructure, sharing isn’t always the best approach. Some things you should just keep for yourself… like the servers you use for hosting business desktops, desktop applications and business data.

When we first began the journey of bringing small business desktops and applications like QuickBooks to the Internet, the “cloud” was not yet a thing. Hosting providers put up servers in racks in data centers, installed software and stored data on behalf of customers, and did their best to find ways of making the service affordable. Elastic resources, massive scalability and built-in redundancy (which are benefits of a real cloud fabric) were not generally available nor were they even remotely affordable. Because the hardware, networking and other resources that make up the hosting infrastructure is costly, it is important for the hosting service provider to be able to spread those costs across the entire customer base.

In most cases, this meant creating shared servers where many customers run their applications and store their data. Even when a provider suggests that a customer has a “private” server, there is still a good chance the server is using shared storage and/or networking resources made accessible in the environment.

Sharing can be a good thing or a bad thing, and it often depends on the behavior of those involved. In shared application hosting environments, particularly desktop hosting environments, there is a lot of potential for intentionally and unintentionally causing problems that can and will impact other users and customers on the platform.

A simple provisioning error might allow a user to see data belonging to another company or have access to applications or services they should not.

With shared resources, bad actors and intruders can often escape permission boundaries, attaching to network shares and other computers on the platform.

Malware accidentally introduced by an innocent user from one company could easily penetrate the entire system, following paths to data storage locations and other servers, spreading the problem to many customers and systems and even data centers.

If you are operating on the compromised system you are at risk, even if the compromise wasn’t initiated by one of  your users or from within one of your applications.

In the realm of QuickBooks hosting providers, the issues around sharing infrastructure and resources have created some very difficult situations for hosts and for their customers alike – especially when it comes to dealing with computer viruses, malware and ransomware. A few high-profile events, as well as numerous incidents which have flown under the radar, have revealed just how damaging the shared approach can be.

With the IRS, AICPA and other agencies issuing increasingly strong guidance for tax and accounting professionals to protect client information, finance professionals should strongly consider the risk introduced through shared hosting service arrangements and evaluate if it is greater than the costs of having a more private system.

Cloud platforms available today are fully matured, delivering scalability and agility at price levels that are affordable even for very small businesses.  No longer solely for enterprise enjoyment, real cloud solutions and delivery models can be used by small businesses for desktop and application hosting without compromise. Every business deserves their own cloud, and we know how to make that affordable.

Cooper Mann works with teams deploying on the Microsoft Azure platform, offering an agility in design not previously available with legacy computing approaches. Because every delivery is absolutely private to each customer, the solution can be scaled up (or down!) on demand to suit the specific needs of the individual business. More important is the fact that each customer operates separately, so any bad behavior the system may suffer from is their own.

jmbunnyfeetMake Sense?

J

Posted on

Your QuickBooks Connected Services Will Not Work as Expected

“Your Connected Services Will Not Work as Expected”

Intuit has notified customers of Merchant Services that QuickBooks may not work as expected if they are not running the current release.

Source: Is QuickBooks (Desktop) up to Current Release?

Over the past few weeks, I have received calls from clients that have current versions of QuickBooks (2017, for example), but the software isn’t able to update because the customer doesn’t have a maintenance plan for the software. QuickBooks displays the message saying updates are available, but the user isn’t able to download the updates and receives a message indicating that they do not have a current or in-force subscription.

Intuit is making it clear that maintenance and support is not longer an option with QuickBooks.  Not having maintenance means not getting updates, and not having updates means parts of the software and its connected services stops working. Now, even your desktop QuickBooks is exclusively subscription-based.

Make Sense?

J

Posted on

4 Rules of Thumb Regarding Passwords and Authentication

Many people believe passwords are dumb.  They store their credentials for easy login, or maybe even leave the password blank if the app allows. For IT managers, forcing users to come up with a strong, unique password is definitely not an easy task.  Resting on convenience over security, many people would prefer to use familiar names and dates or simple phrases they can remember.  Even when IT departments try to enforce best practices there is often a struggle between honoring those standards and influencing user behavior.

Relaxed password standards allow users to set passwords that may be as easy to guess as they are to remember, and very strict requirements for strong and complex passwords often results with users storing passwords in document files or on post-it notes on the monitor. Setting password standards and managing the policy implementation requires a balance between usability and security, but more often than not the balance skews toward simplicity. Yet passwords aren’t going away any time soon, even while biometrics and multi-factor authentication methods grow in prominence.

It is most likely that new technologies and standards will be combined with passwords to protect critical data. Using only a password to protect information may not be the ultimate in security, but it is important to recognize that passwords remain as a key element in any security model. For now, passwords should be as strong and unguessable as possible.  As technologies and standards rise up to meet the demands of users as well as enterprises, there are likely to be changes in how passwords are used. Here are 4 rules of thumb to consider regarding passwords and where authentication technologies are going.

1. Your face might be your password.

Biometrics won’t fully replace passwords right away, but the use of biometric data for authentication is growing rapidly. Face recognition, fingerprinting and voice identification are all being employed as authentication mechanisms and users are embracing the technology because it is easier to use than a remembered password.  Smartphones and PCs have sensors for reading fingerprints and cameras for seeing faces, and microphones for hearing your voice.  Many systems are also now able to use geodata with the biometric data (matching person to place), making it harder to compromise an identity while also being less disruptive to the user. While the technology isn’t foolproof, it represents a major step towards creating more secure systems without placing the responsibility strictly on the user.

2. Two pieces of ID are better than one.

The point of multi-factor authentication is that there are two different pieces of evidence a user must present in order to gain access. For example, a password may be the first piece of evidence presented, with a pass code sent to a mobile device as a second. Even as biometric authentication grows in prominence, industry participants recognize that no single method covers all the bases all the time. Multi-factor authentication is gaining in prominence as users become more familiar with the methods and the implementations become less intrusive. AI may also influence how these systems are applied. As user behavior and transaction parameters are “learned”, systems can identify activities that fall outside of normal routines and additionally prompt users for single-use pins or passwords sent to their mobile device.

3. Businesses should learn from past mistakes.

With news of hacking, ransomware and malware being daily fare, companies and their users are realizing that password security really is important and are stepping up their security efforts. The information is available to help prevent businesses from making the same mistakes that others have, offering worst case scenarios a’plenty to learn from.  Using default passwords and recycling passwords across work and personal accounts, using unsecured network connections, not encrypting files that contain password information and failing to patch or update systems and software are entirely preventable situations that put information at risk. Taking the reports seriously and identifying mistakes to avoid is highly useful in designing security for the business.

4. There’s a growing ecosystem for authentication.

With the number and type of systems requiring authentication – from industrial control systems to dating websites – there is a great and growing need to find highly secure methods of authentication that are actually usable for the user. Even in the world of blockchain there is a need for “identity assurance” and confirmation when documents or biometrics are captured via smartphone. Fast IDentity Online (FIDO) is a set of security specifications for strong multi-factor authentication, developed by the FIDO Alliance. The FIDO Alliance includes members such as Google, Aetna, Amazon, Microsoft, Bank of America and Samsung, and developed the spec as an initial basis for standardizing authentication across platforms and systems at the client and protocol layers.  

Technology is changing rapidly and solutions once reserved for government and large enterprise are now entering mainstream consumer use. You’ve probably already noticed that banking and other apps are employing the use of fingerprint and other biometric data with increased frequency as users demand easier access to applications and features from their smartphones and other mobile devices.

These technologies sometimes replace traditional password entry as the primary means of authentication or augment password use in some manner. Even MasterCard has announced a component in its payment card solutions that allows users of next-gen payment cards to register their fingerprint data on their credit card.

The push is to allow users to interact with their tasks without putting up barriers to access.

A combination of usability and enhanced protection, the new standards are developing to address not just system security but identity verification for various purposes. Corporate information must be secured and so must personal identity information; simply read the news to understand what can happen when digital identity information gets compromised.

Whether the data is business or personal, keeping hackers and bad actors away from it isn’t easy, so strengthening the most basic first layer of protection – the password – is the best place to start.

Make Sense?

J

Posted on

Cloud Hosting Benefits for Business Owners and Their Accountants

Two-TallThe concept of running applications in the cloud is not at all new.  In fact, there are literally millions of business users accessing hosted applications and cloud app services every day, and adoption didn’t reach those numbers overnight. While the value of running software such as QuickBooks in a cloud model may differ from business to business but the underlying benefits are there for all to achieve.

The main value for some business owners is in being able to access information and data while traveling out of the office or when working from home.  Using almost any portable computer or mobile device, business users are able to get information on customers, orders, payments, and other valuable data regardless of the work location.  Being able to keep tabs on the business even when they aren’t there is very important to some business owners and secure remote access has become essential for today’s mobile workforce.

Where mobility motivates some to move to the cloud, collaboration is what drives others. For public accountants and small business bookkeepers this benefit becomes essential to effectively delivering services to clients. Because small businesses and the professionals that serve them do not operate in the same locations, the ability to work in the same software and data at the same or different times allows business owners and their accountants and bookkeepers to work seamlessly together in support of the business.  Business owners benefit from better financial data in real-time, and the accounting professionals are able to deliver results without time-consuming travel and doing the work on-site.

Business owners and the accounting professionals supporting them end up realizing the benefits of improved IT, where greater predictability in performance and cost matters. Businesses need to focus on their business and not on the IT which supports it, and outsource professionals such as accountants and bookkeepers need to be able to work with clients efficiently and without having to invest in expensive tools and services to make it happen.

When a cloud platform is deployed for the client business it can not only deliver benefits to the business owners and operation. A cloud-based approach can also provide tangible benefits in worker efficiency and productivity through improved access to information for the professionals who support the business.

Businesses need technology to support their operations, and the requirement generally spans far beyond pure accounting and finance. Unfortunately, many outsource bookkeeping and accounting professionals focus only on the accounting or financial systems when considering a cloud-based implementation, failing to consider the critical aspects of the operational level applications which support the various functions of the business.

This is often where a cloud hosting approach meets business needs better than a single cloud app. With a cloud hosting model, the existing business software and data can be “enabled” to allow accounting professionals access to the complete realm of business data, putting them in a far better position to ensure that the information resulting in the accounting system is of high quality and may be trusted.

jmbunnyfeetMake Sense?

J

Posted on

Next Generation Accountants and Businesses

Understanding the value and application of information technology is the cornerstone of building a successful “next generation” accounting or consulting practice. Professionals are finding that new opportunities to engage with new and existing clients comes from closer involvement with client financial and operational systems. Collecting and analyzing data, integrating applications and automating data exchanges, and leveraging cloud platforms and services is rapidly becoming the next level of “standardized” service offered by many professionals.

The pace of change is increasing, which makes it increasingly important for business owners to wisely select their technology partners and solutions. While many accounting professionals consider themselves to be the business owner’s trusted advisor, their clients often seek advice on increasing efficiency and reducing costs from software and IT consultants instead.

Yet conditions will change and could force the client business to make adjustments that impact the applications and services supporting the operation. Do the solutions in place have the agility necessary to meet changing business needs, being adaptable enough to meet new conditions or orientations? This is where accounting professionals can help their business clients make the right choices to address current and potential future needs.

Even as information management paradigms continue to shift, accounting professionals can help their business clients achieve better business performance and profitability through innovating workflows and increasing process efficiency. Whether or not the existing systems lend themselves to these efforts remains the question, and represents an area where the professional could provide great value.

Accounting professionals should look at services they can provide to clients that have direct and meaningful impact on operational efficiency and resultant profitability.  These areas represent not simply cost and efficiency improvements, but speak to quality of service and sustainability as well, creating better and repeatable outcomes that can support the operation even as operating conditions may change.

Improving data collection and analysis provides the foundation for understanding more about the operation, and delivers the insight required to identify areas where performance might be improved and then to prove the outcome.

Automating data exchanges and imports, eliminating redundant entry and the potential for manual errors, establishes structure in processes which can then be streamlined to deliver consistent and predictable results.

Utilizing cloud platforms and services allows the business to utilize the infrastructure required to support operations while providing a level of affordable scalability that doesn’t push the business beyond its reasonable boundaries.

What this discussion touches on is the subject of digital transformation and what that really means for small businesses and the accounting professionals who support them.

Rather than performing the accounting and financial work as after-the-fact participants, accounting professionals should help their business clients take a new view of processes and activities performed throughout the business, identifying areas where new approaches can be applied to increase efficiency as well as agility, developing a stronger foundation for growth and profitability. 

From the adoption of paperless and electronic workflows to merging social media with marketing and support activities, digital transformation represents an ongoing effort within a business to fundamentally shift from manual processes to electronic exchange, and expanding considerations beyond physical boundaries to include the virtual, as well.

All of this represents new opportunity and enhanced value for the accounting professionals ready to help their clients become “next generation” businesses.

Make Sense?

J

Posted on

4 Rules of Thumb for Better Mobile Device Security

Security threats are everywhere, lurking in alley ways and around corners and even in your favorite coffee shop. Yet mobility is in demand, and people will use their smartphones and other mobile devices because it’s convenient, even if company policy suggests against it.

This is a big deal for IT and security professionals and CIOs, which is why it took a while for IT to recognize the need to address mobile device security rather than simply deny mobile device use. With data breaches, ransomware attacks, hacks and information leaks happening on an almost daily basis, businesses must find ways to protect their valuable applications and data from loss or misuse while at the same time enabling mobile device use.

The following 4 rules of thumb are not comprehensive but are four essential rules of thumb to help guide business owners in addressing mobility management and security within their organizations.

Rule 1: Make sure there are clear mobile device use policies and support them with ongoing administration and strict enforcement.

I can’t say enough about having good security and mobile device policies and keeping them modernized, relevant, and actually enforcing them. Too many businesses say they have a “security and use” policy in place, yet it is outdated and doesn’t reflect the actual tools or processes currently in use.  Even more frequently a business will develop a policy just to say it has one, but won’t actually train workers or enforce compliance.

Rule 2: Require and enforce strong passwords, manage access in real time, and force password changes with some frequency.

It is essential that all user access to applications or data be controlled at minimum by password-protected logins to the device and corporate resources coupled with periodic forced password changes. Users often prefer to not require passwords or other authentication for device access, but corporate policy should not only require them but also enforce their use.  Also, user access should be managed in real time, meaning that any aspect relating to access should be disabled or revoked immediately upon employee termination or reassignment. Too often these forgotten chores are relegated to after-the-fact IT administration, which allows users to access resources beyond their rightful boundaries.

Rule 3:  Do something to contain the applications and data on the device.

Whether the approach is with containers, cloud hosting, server-based computing or something else, it is really important to try to “contain” the applications and data accessed from the mobile device. Risk is created when users sync data directly to the device’s storage or install applications directly on the device to access corporate data. Password and other security measures prevent unauthorized access, but allowing applications, credentials or data to be stored directly on the mobile device allows those things to interact with other things on the device.  Containers, hosting and server-based computing models keep the applications and data within secured spaces, often not even storing essential items on the device but only accessing them via the device. This allows the business to provide users with the access and functionality they need to do their jobs, but also reduces the vulnerability of applications and information assets.

Rule 4: Keep device software up to date and download fewer apps.

Updating mobile device operating system versions and release levels is important to make sure the device has the most current security patches and threat protection.   Some mobile OSes even have capabilities which can help keep personal and work apps separated.  Limiting the number of apps users can download to their devices should also be considered. Users may randomly download and install applications to their devices with little regard for the quality or security of the app, and often accept terms of use without really reading them. Consumer apps from app stores may pose risks to data and the device, so IT should check regularly for problematic apps if the device is used to access the corporate network, applications or data.

Mobile and wireless are in demand

Just about every business has people who use their phones and tablets for some business use, and every one of those mobile devices and the apps running on them could open the door for a hacker, ransomware, data theft or compromise. While there are many benefits to be gained by enabling remote and mobile devices in the business workflow, unrestricted access only creates risk.

Keeping mobile devices secure for business use takes multiple approaches, as there is no single method or solution that works for every situation. Our 4 rules provide a basic foundation for business mobility management, offering a starting point for developing a more thorough and detailed plan.

Make sense?

J