Archive - News RSS Feed

Five Things You’ll Learn at Kaseya® Connect

Kaseya Connect Banner

If you haven’t decided to attend Kaseya Connect this year, what are you waiting for? Here are five things you’ll learn at this year’s event:

  1. How the cloud is changing what businesses expect from IT

    Forrester Principal Analyst, Dave Bartoletti, will share the true state of cloud adoption, why companies choose cloud services and how, and what this means for IT professionals in MSP and IT organizations.

  2. The largest opportunities for MSPs to drive new, profitable growth for their businesses

    MSPAlliance CEO, Charles Weaver, will present his thoughts on the largest opportunities for MSPs to drive new, profitable growth for their businesses, this year and beyond.

  3. How to reduce risk in a time of increasing security threats

    Security breaches are continually in the news. Kaseya Connect will offer numerous sessions on how to mitigate risk and better protect information through solutions for Identity and Access Management (IAM), endpoint protection and more.

  4. How to deepen your Kaseya expertise and take your IT management skill set to the next level

    With detailed product breakout sessions during the conference and an offering of in-depth pre-conference training, Kaseya Connect offers a multitude of opportunities for deepening your Kaseya skill set.

  5. Why you should join the IT Management Cloud Revolution

    And finally, Kaseya President and CEO, Yogesh Gupta, will talk about the IT management cloud revolution and the great opportunity it presents for the MSPs and IT organizations who decide to join it.

These are just a few highlights from the Kaseya Connect agenda. Register for Kaseya Connect today.

MSP Pricing Survey – Sticky Bundles, Higher Fees

Bundling strategy increases value and stickiness

The message is clear, small and medium businesses are very interested in bundled services. A recent newsletter from AMI-Partners, I-Signal*, which reports findings from their research programs, indicates that SMBs are 3 to 4 times more interested in bundled services than in single services. They gain more value from bundled services and are loath to switch service providers unless they can do so without disrupting their existing business. The strong interest in bundled services supports the notion that SMBs are indeed more interested in value than price, despite their insistence to the contrary.

The 2014 Kaseya MSP Pricing Survey results clearly show that faster growing MSPs are both bundling their services and limiting their bundles to a small number of tiers. The ideal scenario is to interest prospects to a basic level of service and then quickly upsell them to a comprehensive service bundle. The rationale is simple. To be most effective MSPs need to be able to monitor and manage as many aspects of a customer’s IT infrastructure as possible. When there are large gaps in coverage or when there are several service providers involved, finger pointing becomes inevitable and diagnosing who did what when becomes a major portion of the support work. When an MSP can take primary responsibility for the production infrastructure and is able to monitor it from a single IT management solution, cause and effect are much easier to identify, and process improvements can more easily be put in place to reduce the volume of disruptions and the subsequent unplanned remediation work. The chart below compares higher and lower growth companies. From the survey results less than 15% of higher-growth MSPs now offer a la cart pricing, most succeeding by offering a small number of bundled services.

MSP Pricing Survey: number-of-service-tiers

By offering a comprehensive service bundle and discussing the value of having a single service provider, the MSP also avoids the challenge of being “nickeled and dimed” by customers trying to get a better deal. That is by picking apart the bundle and trying to get a lower price for several bundle components. Higher growth MSPs will even turn prospects away if they are not willing to buy a complete service or if they are not willing to accept the MSPs standardized approaches. The cost of supporting one-offs is simply too high.

High growth MSPs achieve higher fees

The chart below shows the prices that MSPs are achieving for their most frequently sold service offering and indicates that by bundling service capabilities together a greater portion of higher growth companies are obtaining higher fees than those growing at less than 10%.

MSP Pricing Survey: most-frequently-sold-sales-service-offering

Profitable growth means gaining more customers and upselling existing ones. MSPs that focus primarily on selling to smaller firms (and thus obtaining lower monthly fees) often have a hard time growing their businesses quickly and meeting profitability goals. By carefully standardizing offerings and pricing inexpensively, but profitably, to attract smaller businesses it is, of course, possible to maintain a viable business. But with smaller deals the cost of customer acquisition can be more than the revenue to be earned in a single year and small customers are less able to afford, and have less need for, additional services. Plus smaller businesses have limited budgets. This means their primary focus when procuring products or services is price. Because of this they are also harder to retain as customers over time.

Customer retention generally improves as the number of services provided increases due to the “stickiness” of bundled services and the increasing level of interaction between client and service provider. When only a single commodity service is provided there is little to prevent clients from shopping for cheaper alternatives during their budget cycles. In consequence, it’s beneficial for MSPs to increase the average size of their customers together with their average deal size over time, consistently improving both their technical and sales and marketing efficiencies as they grow.

Another mistake that smaller MSPs often make when bidding for larger contracts is to underprice. Their justification is that the larger number of devices to be managed creates an expectation that the unit price should be lower. In reality, the larger the infrastructure, the more challenging it is to manage. So rather than charging a lower price, MSPs should recognize the greater value they can deliver and actually determine their pricing based on the increased complexity they will be handling; the more complex the infrastructure the greater value in having a managed service provider take responsibility.

The 2014 Kaseya MSP Pricing Survey results clearly indicate that faster growing MSPs are able to achieve higher prices. They also offer more services via comprehensive service bundling and focus their sales efforts on attractively sized deals.

Pricing MSP services for growth and profitability

These topics and much more are discussed in detail in our webinar Pricing MSP Services for Growth and Profitability. The webinar highlights the results of the Kaseya 2014 MSP Pricing Survey which was completed in September 2014.

Reference:
* AMI-Partners I-Signal

Author: Ray Wright

Kaseya Connect: Come for the Conversations!

Register for Kaseya Connect!

Every year Kaseya holds its premier user conference, Kaseya Connect. If you are a Kaseya customer, you have probably seen the promotions, and are asking yourself, “Should I attend?” As you might expect, the Connect event features all of the right components:

  • A lineup of impressive speakers who will provide valuable information about Kaseya’s vision, strategy, and plans, plus expert insights on industry trends and direction:
    • Yogesh Gupta, CEO, Kaseya
    • Dave Bartoletti, Principal Analyst, Forrester Research
    • Prakash Khot, CTO, Kaseya
    • Steve Chazin, VP, Products and Online Marketing, Cisco
    • Don LeClair, EVP, Product Management, Kaseya
    • Charles Weaver, CEO and Co-Founder, MSPAlliance
  • Numerous technical sessions, demonstrations, tips and tricks from Kaseya technical experts
  • Business sessions on offering new services, differentiation, keys to success, and efficiency
  • Product demonstrations showing the latest product capabilities
  • Two days of certification training (optional)
  • And it is held at the beautiful Omni Orlando Resort at ChampionsGate, a Four Diamond resort surrounded by 36 holes of championship golf, pools, spas, restaurants, and an 850-foot lazy river!

These are all good reasons to attend, but having attended Kaseya Connect last year, I encourage you to come for the conversations! I am talking about conversations with like-minded individuals – MSP owners, technicians, administrators, IT Ops leaders – people who face the same challenges and opportunities as you. I had a chance to listen to 100s of these conversations last year, and I was impressed to hear the ideas, insights, and innovative solutions being shared.

One of my favorite examples of good conversations comes from Chris Anderson, Director of Managed Services for Infranet Solutions in Quincy, Massachusetts. During last year’s Kaseya Connect event, Chris made it a point to build out his community contacts to the point where he is now part of a formal group sharing automation scripts. Using existing scripts and creating new ones is the key to efficiently and effectively managing large numbers of endpoints. Chris tells me that the collaboration group’s sharing of ideas and actual scripts is substantially improving their speed-to-automation.

Of course, conversations with Kaseya leaders and very smart technical people are always valuable. The demonstration stations at Connect are always full and the interactions lively. Find Prakash Khot, Kaseya CTO, and he will regale you with insights on virtually any topic. Yogesh Gupta, Kaseya CEO, prides himself on talking to every single attendee. Arriving early for breakfast and the last person standing at the end of the evening, he claims to have achieved his 2014 goal!

So come to Kaseya Connect for the conversations: April 14-16, 2015 at the Omni Orlando Resort in Florida. I hope to see you there.

Author: Tom Hayes

MSP Pricing Survey – MSPs Grow but Size Matters

The Kaseya 2014 MSP Pricing Survey results clearly demonstrate that the managed services market is a significant growth opportunity. Almost 100% of the customer survey respondents had experienced positive monthly recurring revenue (MRR) growth over the past three years. We asked respondents to select from a range of MRR growth rates starting with less than 0% and ending in greater than 20% growth. The results were fairly evenly spread across all ranges – see chart below – except for a very small negative growth segment, suggesting that there could well be key differences in approach taken by faster growing MSPs. To examine these differences we split the responses into two, roughly equal groups, one for MSPs who had experienced MRR growth at greater than 10% per annum and one for MSPs whose MRR had grown at less than 10%.

msp-avg-growth-chart

MSPs with 10 or More Employees Grew Faster in 2014

One interesting survey result is the impact of organization size on MSP growth rates. MSPs in our higher growth segment (MRR >10% per annum) tended to fall into the larger employee size categories in comparison to their less rapidly growing counterparts – see chart below. Clearly MSPs with less than 10 employees found it much harder to grow faster than 10% per annum, despite the fact that they typically started with much smaller monthly revenues. Almost 50% of MSPs growing at less than 10% a year fell into the less than 10 employee category. In sharp contrast, the highest proportion of higher growth respondents fell into the 11 to 25 employee category, suggesting that once MSPs break through the 10 employee “barrier” they are able to generate higher MRR growth.

msp-growth-chart

Several factors contribute to the challenges facing smaller MSPs and their ability to get onto a higher growth track. In general, smaller businesses contract with smaller service providers and professional services firms; larger businesses like to do business with larger and more established organizations – see table below. This is because businesses judge other businesses based on their own level of maturity. Younger, smaller businesses having smaller budgets are, understandably, concerned more about price than reputation. As businesses grow, risk becomes an increasingly important purchase factor and firms look to suppliers and service providers who imply lower risk. Having more staff, a solid reputation, greater revenues, more clients, etc., are all indicators that a service provider might prove more reliable than a smaller competitor.

msp-size-chart

Fast Growing MSPs with Less Than 10 Employees – Keys to Success

Nevertheless, approximately 1/3 of the MSPs who fell into the less than 10 employee category were able to grow their MRRs at faster than 10% a year. The keys to higher growth include:

  • Value-based pricing – selling on value to the client not on cost plus or market match
  • Charging more to support larger clients who have more complex needs – not less because of higher volume.
  • Offering bundled services.
  • A clear path for existing customers to adopt additional service offerings.
  • Leveraging automation extensively to maximize the efficiency of their technician and engineering staff.
  • Focused managed services sales and/or marketing capabilities – less focused on resale.

Pricing MSP Services for Growth and Profitability

These topics and much more are discussed in detail in our webinar Pricing MSP Services for Growth and Profitability. The webinar highlights the results of the Kaseya 2014 MSP Pricing Survey which was completed in September 2014.

About the 2014 Kaseya MSP Pricing Survey

The MSP pricing survey was conducted in September and October. It’s the fourth annual Kaseya MSP customer survey and it attracted almost 700 responses from MSPs around the world. Respondents manage from less than 100 devices to more than 10,000 devices, operate from a range of different business models, and undertake a variety of different roles within their organizations from owners and principals to administrators and technicians. The survey included questions on a broad set of topics including demographics, growth rates, services offered, pricing strategies, the prices charged for a variety of services, and price revision plans for 2015.

Author: Ray Wright

The Managed Services Market is Evolving – Fast!

High growth forecast for key managed services

Many key elements of the global managed services market are forecast1 to grow at double-digit rates. For example, Mobile (MDM) and BYOD managed services are expected to grow at around 27% per year through 2016. Private cloud services – where a service provider offers managed co-location or dedicated instances – are expected to grow at 22%. Public cloud services, as a whole, seems to be growing at around 17 to 18%, but within that, SaaS is growing at 19.5%, managed security services at 22%, and systems infrastructure and IT Ops management at over 40%. One of the fastest growth areas is office suites in the cloud, which is approaching a growth rate of 50% per annum. All of these represent significant opportunities for MSPs to support their small and medium size business (SMB) clients’ cloud migration plans and their IT service deployment, management, mobile computing and security needs.

Good news for MSPs

In fact, increased managed services and cloud services spending by SMBs will fuel much of the demand for the wide variety of services MSPs provide. According to the latest research from Markets and Markets2, the annual growth of the SMB managed services market will exceed 20% over the next five years. Furthermore, AMI-Partners3 forecasts that SMBs will spend $140B on cloud services in 2014 growing to $285B by 2019, an average growth rate of over 15% a year. Therefore despite estimates that overall SMB IT spending will grow only in the low single digits, SMB spending on cloud and managed services will account for an increasing portion of SMB IT budgets and will grow at a much faster clip.

Adoption of cloud and managed services drive changes in customer requirementsM

The overall growth in the managed services market represents a significant opportunity for MSPs but it’s important to note that customer requirements are also evolving – and quite quickly. Customers of cloud services are benefiting from lower costs, greater agility, and better service availability. Recognizing these benefits, they have become more willing to accept standardized managed service approaches and to transfer more responsibility for elements of their infrastructure to their trusted MSP partners. Most have already migrated from limited break/fix-type contracts to more comprehensive offsite monitoring services. And while some would prefer the assurance of having service provider staff onsite, the savings realized by using offsite staff are quite significant. The high growth of both cloud and managed services indicates recognition that IT, in all its manifestations, is becoming more complex. There’s an increasing willingness to outsource more infrastructure management responsibilities; some to cloud providers who provide commoditized “whatever” as a service (XaaS), and some to hosters and MSPs who deliver customized or specialized service solutions geared towards meeting specific SLAs and customer key performance indicators (e.g. high availability with critical app response time guarantees).

customer-demand-chart

Changing customer attitudes foster acceptance of a broader set of services

MSPs are now able to successfully offer more comprehensive services without the traditional push-backs about outsourcing IT and loss of control. Pay-as-you-use pricing, standardized interfaces and features, lack of infrastructure to support, agility and rapid time-to-value, are together outweighing concerns about security and performance. Freeing up internal resources to work on innovation and development, while employing MSPs to maintain the IT infrastructure, is more often seen as a competitive advantage. The net result is that MSP customers want simpler IT solutions and are contracting with service providers to manage away the complexity.

Bundled services increasingly popular

Another important change is that SMBs are increasingly interested in bundled services. Many want to further reduce complexity by doing business with fewer suppliers and by minimizing payment and support management costs. In fact, bundled services are perceived as having a much higher value than discrete services – a preference for Plat du Jour versus Chinese menu pricing strategies – as it were.

plats-du-jour

This fact was highlighted recently by AMI-Partners. They asked SMB companies about interest in bundled and integrated cloud services. The results mirror the situation with consumers of telephone, Internet and cable TV services. SMBs prefer the idea of bundled services over single services by a significant margin, depending on the nature of the service. For SaaS services, the ratio is four to one in favor of bundled services. For Infrastructure as a Service, the ratio is over three to one.

Pricing MSP services for growth and profitability

These topics and much more are discussed in detail in our webinar Pricing MSP Services for Growth and Profitability. The webinar highlights the results of the Kaseya 2014 MSP Pricing Survey which was completed in September 2014.

References

  1. Forbes: Gartner Predicts Infrastructure Services Will Accelerate Cloud Computing Growth
  2. Market and Markets, Managed Services Market – Market Forecast and Analysis
  3. AMI-Partners I-Signal

Author: Ray Wright

IAM Profitable: Get Your Piece of the IAM Market

IAM is Profitable

If you’re an MSP or an IT service provider, then you’re involved in a business model that’s always looking to improve its offerings and increase its bottom line. With the global IAM (Identity and Access Management) market increasing at an explosive rate, being able to offer authentication and password management isn’t just a smart move, it’s also a safe move!

How is offering IAM a safe move?

With stricter security compliance requirements being laid down by nearly every industry, country, and state, and with high-profile security breaches, like Home Depot, seeming to occur every month, businesses everywhere are finally opening their eyes to the risk their outdated password and security protocols pose.

This means that there is a definite need for these solutions, so the investment itself is safe. Also, having such a solution in-house is in itself a “safe” move. The market demand for IAM is due to the risk breaches pose. If you’re going to offer a way to mitigate that risk, why not take advantage of it yourself, and gain the same benefits you provide your clientele.

How is offering IAM a smart move?

If you can capitalize on potential customers’ need to update their security and authentication, then there is a lot of profit to be made. The key to doing so is differentiating yourself from your competition, and to accomplish this, you need to find an IAM solution.

What should you look for in an IAM solution?

There are innumerous small features which are nice to have, however, there are truly five key things you should look for first: comprehensiveness, cloud compatibility, multi-tenancy, vendor support, and the ability to integrate with your existing infrastructure.

Comprehensiveness

It’s not the number of tools you have that matters, it’s how effectively you’re able to use them. Many IAM products on the market these days focus only on a few aspects of the entire process. To find a winner, the IAM solution you decide upon should cover all the aspects your clients are facing, whether they require stronger authentication, password management, or even user auditing. As an added bonus, having fewer moving pieces (programs) decreases the chances of encountering a conflict when you’re setting up the solution, for yourself or your customers.

Cloud Compatibility

Systems that work in the cloud avoid one of the most difficult hurdles faced by service providers trying to provide IAM services: managing the internal servers. Moving to the cloud effectively puts those severs at an equidistant point from both the provider and the client. This makes the whole process that much simpler.

Multi-Tenancy

With multi-tenancy, you can easily separate the data of each client and yourself, while working within a single installation. This is absolutely critical for an MSP or IT professional providing password or security services to multiple clients. Multi-tenancy is designed for MSPs rather than end-users, eliminating the need for multiple installs and making the management process more efficient.

Vendor Support

When your client needs something quickly, you’re going to need some help unless you know everything about the solution you offer. While knowing more is always good, sometimes questions will elude you, and at that point you’ll be glad your vendor is available for some help, support, and insight.

Integration with Existing Systems

If you already have a number of systems in place that do various things, wouldn’t it be ideal if your new IAM solution integrated nicely with them? Whether it’s Kaseya on your network, or Office 365 on your clients, having an IAM solution that works with what you have is great, and if it’s designed to work with those products, then that’s even better.

If your clients (and potential clients) are looking for a solution to their security and authentication problems and you’ve gone with the wrong solution, your clients will be disappointed with the results. You will face an uphill battle of implementing new protocol and dealing with systems that just don’t make sense for you or your client. With the right solution you become the expert, an invaluable resource to your client. You become their solution, and then you’re able to easily resell the software because they will spread the word of how well it works for their needs.

High-profile security breach scandals are hitting the press with alarming frequency, and compliance standards are advancing at a pace that organizations simply can’t keep up with. Companies found in non-compliance could face fines or lose access to valuable industry resources. If your business is able to offer solutions to these problems, then clients will be handing you money to you in an attempt to make their problems go away. Your bottom line will move up just that much higher.

Now, before you go off full of hope for an increased in profit, looking for Identity and Access Management solutions for your business to offer, let me throw another factor into the mix. You’re reading this blog on the Kaseya website, then you’re likely a Kaseya customer. If you are, or you’re interested in becoming one, it is important to ensure that the solution you choose supports a Kaseya integration. Kaseya AuthAnvil is one such solution. Their suite fulfills the requirements set above, and offers single sign-on, password management, multi-factor authentication, and many other useful features. So, if you’re looking for a Kaseya-optimized IAM solution, there’s no better place to start.

For more information on offering IAM to your customers: Click Here
For more details on Kaseya AuthAnvil: Click Here

Author: Harrison Depner

IT Management Community Participation Extends Knowledge and Adds Value

Waltham Community Meetup

This week I attended a Kaseya “Local Meetup” event in Waltham, Massachusetts, and it struck me again just how important it is to have a strong IT community. In the Meetup evaluation forms, virtually everyone who attended said that sharing ideas with like-minded people was a key benefit to attending the event. Without exception, everyone left the meeting with new contacts and friendships in the IT management community.

A few things about the meeting really hit home:

Tips and Tricks:

Kirk Feathers, a leader in the Kaseya technical community, led a “Tips and Tricks” session, sharing interesting and innovative approaches to maximize the usage and benefit of IT management tools, both from Kaseya and its partners. Everyone in the room chimed in, asking questions and offering their own insights. Copious notes were being taken. And more than once, two or more people set up follow on conversations on particular topics.

Collaboration Groups:

Establishing collaboration groups is a great way to stay in touch and share information. Chris Anderson, Director of Managed Services for Infranet Solutions in Quincy Massachusetts, shared a great story about collaboration groups. I met Chris earlier this year at “Kaseya Connect,” our annual user conference. During his three days at the event, Chris made it a point to build out his community contacts to the point where he is now part of a formal group which is sharing automation scripts. Using existing scripts and creating new ones is key to efficiently and effectively managing large numbers of endpoints. Chris tells me that the collaboration group’s sharing of ideas and actual scripts is substantially improving their speed-to-automation.

Feedback and Input:

Mads Srinivasan, product manager for Kaseya’s mobility management solution, shared the latest mobility management development work, complete with a demonstration. The purpose was to obtain feedback and input from the group on the features and presentation layer. The session had a good 30 minutes of excellent feedback and suggestions. Mads had an ulterior motive in that he wants 100 beta customers to test out the latest work; virtually everyone in the room signed up.

Time before and after the event was reserved for networking and everyone took advantage. People had a chance to meet the many Kaseya leaders who were present, but more importantly, they built out their IT management community connections. By the end of the event, business cards were swapped, and emails were exchanged all around.

This experience also reinforced the importance of the “Kaseya Community” program, which includes sponsoring these local Meetups, forums for sharing, event postings, etc. All Kaseya users should join to share information and learn about the latest happenings.

Author: Tom Hayes

Dropbox wasn’t hacked. Some of their users just dropped the box…

Dropbox Security Breach

A mixed metaphor never hurt anyone, but when you mix your passwords into everything it’s not going to go well.

Password mixing (reusing passwords) is what many believe was the cause of the recent Dropbox account “breach.” Using the same passwords for everything is a huge problem. A chain is only as strong as its weakest link, and with passwords the same applies. The more websites you use a password on, the more likely it is to be leaked in a breach, and unfortunately, the reach and potential for damages from that breach also becomes greater.

Reused Password Graph

It’s not a difficult concept if you consider it for long. If one password is used on five websites, then that password is five times as likely to be leaked, as there are five times as many locations where that password is being stored. At the same time, that password provides access to five times as many websites, which means that there’s potentially greater than five times the amount of information available to the person accessing it than one account would have on its own. The more information they have, the easier it becomes to gain access to other accounts. This appears to be what happened with Dropbox.

Think of it this way, if I gain access to your email, then I can reset the passwords of almost every account tied to that email. What are the chances that your email contains information about your choice of banking institution, online shopping account, or PayPal perhaps?

This wasn’t a breach of Dropbox’s systems; it was a failure of their end-users’ password management skills. When users reuse their passwords across so many websites, they sow the seeds of their own ruin.

For system administrators, the source of this problem is painfully apparent. Quite often, a system administrator will have to remember ten or more passwords just for their day-to-day tasks. Add onto that the 20 or so personal accounts that need passwords and the 30 passwords needed for various lesser-used accounts and systems, and you wind up with an obscene amount of passwords to remember. Now consider every end-user that the system administrator manages. How many passwords do you think those end-users each have?

This is why password reuse is such a problem. There are just too many passwords for anyone to handle!

That’s why you need some sort of solution to the password problem. Now, there’s no need to hire some developer to build you a password management system, you just need a password management solution. Let’s throw one more factor into the mix. If you’re reading this blog, there’s a good chance that you’re already a Kaseya customer. If so, then make sure that the solution you choose supports a Kaseya integration. That way you can accomplish even more from a single pane of glass.

Only Kaseya AuthAnvil solves that problem, allowing organizations to secure their most valuable asset – their data – by minimizing the risk of password-related security breaches. Learn more about AuthAnvil.

Author Harrison Depner

Get Your Head Out of the Tech: A Realistic Look at Cloud Computing

Cloud Inspection

To understand new technologies, one must first get past the misinformation and pierce the veil of hype to see the product as it actually is. As you can see from the graph below, tech hype progresses in a fairly typical cycle. Currently, we’re just passing the peak of inflated expectations and are beginning to see the beginning of negative press. The relatively recent iCloud incident and death of Code Spaces are just the tip of the iceberg which soon will plunge cloud computing into trough of disillusionment, where it will remain until people realize what purpose cloud computing actually serves, climb the slope of enlightenment, and set out across the plateau of productivity. This same process happens with every major technology hitting the market. Video killed the radio star, and internet killed the video star, yet we still have radio stations, and television networks. The media simply hypes everything out of proportion.

In spite of the trend set by the media, many technologists try to provide realistic advice to people before they throw out their old technology in preparation for the new. Cloud computing isn’t going to eliminate the need for older systems. If anything, it will just augment their purpose. In the following post, I will outline five key elements of cloud computing in a way that shows their upsides and downsides.

Hype Cycle

Accessibility: Boon and Bane

If a user is on a business trip, they can access the same resources that they can at work. The simple ability to access resources from anywhere within the same network is a boon, as it removes much of the need for an internal infrastructure. Unfortunately, as was noted by a French Philosopher, British PM, and a man dressed up as a spider, “with great power comes great responsibility.” Accessibility without appropriate restriction is a highly dangerous risk. A cloud-based system on its own cannot know that your users should not be attempting to log in from Elbonia. If your system is made more accessible to your end-users, then it’s also being made more accessible to everyone else.

In a nutshell, IF your access security is well developed, then you can reap the benefits of increased availability, otherwise you’re going to have a bad time.

Maintenance: Can’t Someone Else Do IT?

This entry would have suited a different article entirely, but it works extremely well for the purpose of realistically portraying cloud computing.

There are two ways this scenario typically plays out. Your cloud-based service provider could be amazing — handling updates, resolving issues, and generally fixing everything before you even notice something has gone wrong. If that’s the case, then you’ve reduced the need for the services of your IT department and in-house infrastructure, thus significantly reducing overhead.

Unfortunately, such a result is not guaranteed, and if your provider leaves a lot to be desired, then your experience is going to be less than positive. Rather than staying ahead of new issues as your in-house techs did, your provider may instead do the bare minimum, only completing tasks when they’re specifically told to do so. Micromanagement is expensive, and the potential service outages resulting from poor service can be costlier than maintaining your old in-house IT infrastructure ever was.

In a nutshell, it all comes down to quality of service. If you move to the cloud and your provider is great, then things will run smoothly. If they’re less than stellar, then your experiences will reflect that.

Reliability: Now With More Points of Failure!

The reliability of a system can always be judged by the number of potential points of failure, and the redundancy (or lack thereof) surrounding those points. Cloud computing is very interesting in how it shifts the reliability of a system from hardware functionality, to relying on the availability of services.

Consider the following, if cloud based systems and in-house systems were both types of vehicles, then in-house would be some sort of SUV, while cloud-based would be some type of high-performance car. This means that their relative performance comes down to the presence of a well maintained road (internet connection). If the road is always going to be available, then the high-performance car will outright win; however, the moment they need to go off-road the SUV has a clear advantage.

I explain it this way, because it’s effective at pointing out the shortcoming of the cloud based model. If you have no internet, then you have no access. If you have an in-house infrastructure and the internet goes out, then work can still be done across the internal network. The high-performance cloud-mobile may be significantly less likely to break down, but without the internet providing access it will just sit idle during those periods.

Security: Something Old, Something New…

Security in the cloud is one of those hot-button topics, so let’s keep this as concise as possible. Companies like Code Spaces, which were bankrupted due to poor cloud security practices, provide a generous justification for their systems to be top-of-the-line. This means that cloud services and cloud service providers are often extremely focused on security. At the same time, there is no action without a cause. The reason why they are so security minded, is because they are aware that, in addition to the usual risks an in-house system may encounter, the new features which the cloud is built upon (such as multi-tenancy, shared resources, and availability) open up new vectors for attack which previously could only be theorized. This means that, while the security in the cloud is often quite strong, there are also new weaknesses which can or may circumvent those defenses.

Costs: You Get What You Pay For

In many instances, cloud service providers offer pay-for-usage models of pricing. This means that you pay based on the resources you are using, and the duration of the time they’re in use. In many cases, this is more cost effective than having the same systems in-house. This adaptability and scalability can be great for any business. On the flip-side, consider cloud based infrastructure the same way you would consider leasing a property. It can be more affordable and ideal to lease an office; however, in some cases it’s more cost effective and practical to buy the property. Whether or not you get a good cost-effective deal for your cloud-based infrastructure comes down to planning for your needs.

Whether you’re planning on migrating to the cloud, are remaining in-house, or are deciding on which you would prefer, the first step to building a strong IT infrastructure is finding the right platform to build upon. Kaseya was designed and built with security as the fundamental building block to its core architecture. To learn more: Click Here.

If you’re interested in some ways to protect your cloud-based IT infrastructure: Click Here.

Author Harrison Depner

IT Security Compliance Requirements and State Laws

State laws have always been a tricky subject when the internet gets involved. Unless your business is large enough to hire a squadron of legal representatives, you just have to accommodate for them. In this article, I’m going to outline three of these state laws which may apply to your business. Fair warning: This article should in no way be construed as legal advice. I’m not a lawyer and I don’t even play one on TV.

California Compliance Law

State: California

Law: CalOPPA (California Online Privacy Protection Act)

Who it applies to: Any commercial website or online service that collects personal information about “individual consumers residing in California who use or visit its commercial Web site or online service.”

What the law requires: CalOPPA can seem to be a fairly complicated law, so let’s break it down into a simpler form. This law focuses on how you handle personal information, and more specifically how your website or service responds to “Do Not Track” messages. This sounds like it could become difficult, but fortunately the law doesn’t require you to respond to “Do Not Track” messages. Instead it only requires that you disclose whether you do or don’t respond to those messages. In other words, you can ignore “Do Not Track” messages and collect personal information despite them; however, if you do that you will need to say so in your privacy policy.

If you decide instead to respond to “Do Not Track” messages, you will need to disclose how you respond, and while CalOPPA doesn’t specifically define how detailed your disclosure must be, it’s safe to assume that such disclosure should be accurate.

Fortunately most websites already have privacy policies, and adding a few lines that state you don’t respond to those messages, or alternately do and your practices around that, isn’t too difficult a task.

Nevada Compliance Law

State: Nevada

Law: NRS 603A (Security of Personal information)

Who it applies to: This law applies to “any governmental agency, institution of higher education, corporation, financial institution or retail operator or any other type of business entity or association that, for any purpose, whether by automated collection or otherwise, handles, collects, disseminates or otherwise deals with nonpublic personal information” of Nevada residents.

What the law requires: This security law sets forth a number of legal obligations for those to whom the law applies. In a nutshell, these obligations include:

  • Protocols surrounding the destruction of records containing personal information. (603A.200)
  • The maintenance of “reasonable security measures to protect” those records. (603A.210)
  • The disclosure of breaches which affected the stored personal information of NV residents. (603A.220)
  • Mandatory PCI Compliance for organizations that accept payment cards. (603A.227)
  • The encryption of Nevada residents PI in transmission, and during the movement of storage devices. (603A.227)

What does this mean in a general sense? Well, if this law applies to you or your clients’ businesses, then you have a lot of work to do. Fortunately, these compliance requirements are fairly typical and you may not have to make any changes at all if you’re already PCI compliant. If you do business with residents of Nevada and you’re not following these practices… well, I highly recommend you start working to follow these practices immediately. Some sources point out that this law technically has a national and international reach for any group handling the personal information of Nevada residents.

Massachusetts Compliance Law

State: Massachusetts

Law: 201 CMR 17.00

Who it applies to: Every person or organization that owns or licenses personal information about a resident of Massachusetts and electronically stores or transmits such information.

What the law requires: Fortunately this law is written in a fairly comprehensive way, so it is quite easy to explain. For those to whom this law applies, it is required that a comprehensive information security program exist, and that said program cover all computers and networks to the extent which is technically feasible. This security program, when feasible, is required to…

Have secure user authentication protocols which provide:

  • Control over user IDs and other identifiers.
  • Reasonably secure assignment and selection of passwords, or use of unique identifier technologies, such as multi-factor authentication.
  • Control of passwords to ensure they are kept in a location and/or format that does not compromise the security of the data they protect.
  • Restriction of access to active users and active user accounts only.
  • The ability to block access after multiple unsuccessful access attempts, or limitation placed for the particular system.

Secure access control measures that:

  • Restrict access to records and files containing personal information to those who need such information for their job.
  • Assign unique identifications and passwords, which are not the vendor supplied default to any person with access.

As well, the security program must include:

  • Encryption of all transmitted records and files containing PI which will travel across public networks or wirelessly.
  • Reasonable monitoring of systems for unauthorized use of or access to personal information.
  • Encryption of all personal information stored on laptops or other portable devices.
  • Require a reasonably up-to-date firewall protection and operating system security patches for systems containing personal information which are connected to the Internet.
  • Reasonably up-to-date versions of system security software which must include malware protection with reasonably up-to-date patches and virus definitions, or a version of such software that can still be supported with up-to-date patches and virus definitions, and is set to receive the most current security updates on a regular basis.
  • Education of employees on the proper use of the computer security system and personal information security.

As you can see, I saved the best for last. This law, just like the one from the state of Nevada, can have a national or international reach. Now I didn’t write all of this for you to panic about. I feel that these three laws serve as a good motivation for any business to improve their IT security and IT policies in general. Additionally, these three laws in combination provide a great framework that any business could build their IT security upon. Security is not the job of a single person, nor is it the job of a single business, instead it is a task for everyone.

The first step to building a good home is laying down a strong foundation. Similarly, the first step to building a strong and compliant IT infrastructure is finding the right platform to build upon. Kaseya was designed and built with security as the fundamental building block to its core architecture. To learn more: Click Here.

If you’re interested in learning more about PCI compliance: Click Here.

If you’re interested in another interesting compliance requirement for Law Enforcement: Click Here.

Author Harrison Depner

Page 1 of 2312345»1020...Last »
-->