12 Cloud Questions Every Company Should Ask Itself

Demand for cloud services continues to surge, driven by corporations interested in software flexibility and scalability. But how secure is the cloud? No surprise, analysts predict security products and cloud-based security services will be a nearly $9 billion market by 2019.

With recent high profile cyber-attacks at companies like Sony and U.S. government agencies, cloud security is in sharp focus.

As we said in August, the C-suite likes the cloud’s flexible OpEx model (often deployed as a subscription-based cloud service) but may not totally grasp the implications of adopting the cloud. This can lead to well-founded (and not so well-founded) fears about the security of a cloud solution. As a result, many large companies are investing in the private cloud, while slowing their use of the public cloud.

According to one estimate, companies with more than 1,000 employees use an average of 1,154 cloud-based services, “ranging from enterprise-ready services procured by the IT department such as Office 365 to far lesser known and riskier services such as FreakShare.”

The report further estimates that sensitive corporate data makes its way to the cloud routinely, with 15.8 percent of documents in file-sharing services containing some form of sensitive content.

As we mentioned in our mid-year review, “Cybersecurity concerns have led many decision-makers to take a step back and consider private cloud or hybrid solutions as the starting point. Intrusions into corporate databases at Target, Sony, Home Depot and, just recently, the hacking of 22.1 million Federal employee records have led companies to think twice. Security issues, which have always been part of the cloud debate, are now center stage.”

While the above-named breaches generated quite a bit of attention, a study by the Ponemon Institute showed that breaches are much more widespread, with an estimated 43 percent of companies having experienced at least one data breach in 2014. Clearly, the enterprise cloud and local applications are both under attack. So what are corporations expected to do?

The bright side of this story is that many of the same security practices used to secure traditional enterprise applications also apply to the cloud.

To focus on preventing the risk of data breaches, ask yourself:

#12: What is your company policy when it comes to managing sensitive data and file sharing? On average, more than 25 percent of employees will upload files containing sensitive data to the cloud. 

#11: Are your cloud-based applications being monitored for inbound and outbound traffic anomalies? The difference between a minor incident and massive breach often comes down to the ability to quickly detect, contain and mitigate an attack. Analysts at the Ponemon Institute estimate it took retailers, on average, 197 days to identify an advanced threat and 39 days to contain it, while financial services organizations needed 98 days to identify and 26 to contain.

#10: How flexible and collaborative is your IT department in meeting the challenges associated with new technologies and quickly responding to security threats? The majority of IT managers are seeing a shift toward more collaboration and pooling of previously siloed resources, opening up opportunities for better cloud security measures.

#9: Is your cloud service provider responsible for security? To fully secure data in the cloud, enterprise IT teams should never solely rely on their cloud provider. Ensure you have a solid security strategy in place that is agnostic to the location of your data and applications. 

#8: How do you handle the riskiest of apps, storage? Cloud-based storage applications have access to very sensitive corporate data, particularly financial data.

#7: When do you identify and stop malicious insiders? A 2015 Experian study claimed that employees, particularly those working remotely or using their own mobile device, accounted for more than half of security incidents last year. A current or former employee, contractor, or a business partner with access through IaaS, PaaS, SaaS or traditional infrastructure, can often be the source of an enterprise’s greatest risk.

#6: How do you protect credentials from theft? In 2010, Amazon was subject to a cross-site attack that used malicious scripts in a benign account to launch more attacks. Many companies are prohibiting the sharing of accounts and now require strong two-factor authentication techniques. 

#5: Are you ready for next-generation technology and the Internet of Things (IoT)? Gartner predicts that the IoT market will grow to 26 billion units by 2020. With the proliferation of connected devices, is it any surprise that IT managers are increasingly concerned about the security risk of those devices? 

#4: Do you allow employees to use their own devices? The rise of bring-your-own-device (BYOD) and bring-your-own-application (BYOA) means that many cloud services and tools are sneaking into organizations under the noses of IT leaders. In a recent survey, more than half of the IT respondents said that when it came to cloud services, the biggest challenge was assessing the security risk before employee adoption. 

#3: How do you define and determine the best ways to deal with cloud abuse? The Cloud Security Alliance defines cloud abuse as “a bad guy using a cloud service to break an encryption key too difficult to crack on a standard computer. Another example might be a malicious hacker using cloud servers to launch a DDoS attack, propagate malware, or share pirated software.” 

#2: What cloud technologies are being shared, and with whom? Cloud service providers often share infrastructure, platforms and applications to deliver their services in a scalable way.

“Whether it’s the underlying components that make up this infrastructure (e.g. CPU caches, GPUs, etc.) that were not designed to offer strong isolation properties for a multi-tenant architecture (IaaS), re-deployable platforms (PaaS), or multi-customer applications (SaaS), the threat of shared vulnerabilities exists in all delivery models,” writes the Cloud Security Alliance. 

#1: Are you using the right tools? 60 percent of UK IT managers surveyed by The Register‘s cloud survey said they were using VPN connections, but only 34 percent said they were using cloud firewalls or encrypting data at rest. “The numbers continued to drop in regards to other preventative measures until the bottom of the list where only 15 percent percent said they were using obfuscation or tokenization of sensitive data,” The Register reported.

How do you secure your cloud applications? How many cloud-based apps are your employees using today?

Follow me on Twitter at @Pat_Patterson_V

Related Articles:

Smarter Cloud Networking is Here, and it Starts with Avaya

The rise of digital transformation, along with growing application and data center needs, has placed more security demands on enterprise networks than ever. So much so that half of CEOs believe their industry is going to become “substantially or unrecognizably transformed by digital.”

These dynamic changes are significant for IT managers, as they are responsible for expertly managing today’s increasingly complex networks. IT resources are entrusted with one critical job: find a way to securely and reliably deploy wired and wireless networks with complete control and visibility—anytime, anywhere.

This of course isn’t as easy as it sounds, especially for companies that lack the necessary IT resources or budget. In fact, “budget and resource constraints” was listed as one of eight top challenges cited by IT professionals in a global survey last year. The average company spent $400,000 on networking equipment in 2014—a number that increased by nearly 20% in 2015.

Here’s the good news: cloud managed networking has emerged as an affordable and efficient network management alternative for many companies. There are a large number of advantages to leveraging a managed cloud solution. First, the technology is easier to operate than an on-premises platform, accelerating time to deployment. The technology also requires virtually no in-house maintenance, which frees up internal teams to handle other high-priority tasks while drastically lowering the risk of manual, error-prone, on-premises deployment work. Perhaps best of all, managed cloud solutions enable businesses to optimize their expenses and reduce costs.

For IT managers, cloud networking translates into reduced day-to-day maintenance tasks (i.e., software upgrades, patches) and improved operational agility—all at a fraction of the cost of traditional solutions. Businesses understand these benefits; in fact, it’s expected that by 2020, 90% of IT industry growth will be fueled by third-party managed technologies.

There’s only one problem: cloud solutions of the past will never effectively meet today’s next-generation networking needs. Businesses require a managed cloud solution that explicitly addresses today’s core IT issues of reliability and security; a solution that enables them to not just survive, but thrive in today’s smart, digital world. That’s exactly why Avaya is announcing its all-new Cloud Networking Platform Solution.

Our advanced solution for large enterprises and medium-sized businesses is inherently built to address security and reliability head on, with a strong underlying focus on simplicity and ease of use. Here’s how businesses will uniquely benefit:

  • Deploy wired and wireless networks with minimal resources:

    Users can seamlessly centralize network management, visibility and control without the complexity of controller appliances or overlay management software. That means hardware (like switches and access points) that are installed on premises can be easily configured and managed in the cloud.

  • Add, change or modify network services on the fly

    : The agile nature of our solution allows IT managers to easily add, change or modify their network services via an easy-to-use dashboard, enabling them to meet their business needs as they inevitably grow and change. For example, zero-touch activation enables managers to automate software upgrades, patches and licenses in order to relieve maintenance burdens. The solution also boasts built-in guest and BYOD on-boarding.

  • Guarantee data isolation among cloud tenants with true multi-tenancy:

    This key security component of our solution guarantees that user traffic will always remain on your firewall-protected LAN. This way, cloud connectivity is only required for out of band management functionality. Meanwhile, standards-based encryption prevents visibility of communications between a customer site and the cloud.

  • Guarantee service availability with data center redundancy and data replication:

    Avaya’s solution helps ensure wireless access points act autonomously, even when the cloud connection is lost. Furthermore, the technology enables high availability by always processing traffic locally and providing security directly at the network edge in each access point.

As companies face insurmountable pressure to reduce IT resources and budgets, it’s clear that the market needs a smarter networking solution. Our new Cloud Networking Platform Solution allows businesses to enjoy the native benefits of the cloud that they have come to know and love, with the critical level of networking reliability and security they has been lacking—until now.

Learn more at our webinar “Debunking the Myths of Cloud Management” on October 26 at 10 am PST. Sign up now.

Service while you wait – eGain innovates to turn hold to gold

My first exposure to self-service IVR application development was back in the early 1990s. Over the years, I’ve participated in the evolution from simple menu-based interfaces (“Press 1 for sales, 2 for service…”), to full-blown natural-language interactions driven by intelligent, automated back-end capabilities (“Open the pod bay doors, Hal…”).

It’s still not perfect, and I find myself having to opt out and wait for a human agent more often than I care to. In fact, a study by Marchex released earlier this year estimated that I and my fellow Americans will be on hold in 2016 for more than 900 million hours. That’s a lot of wasted time.

So what do I end up doing? Mostly checking Facebook, responding to emails, and playing solitaire on my phone. Seems like my smartphone isn’t being used very smartly, and it’s certainly not making me happy when I’m sitting on hold and waiting for an available agent.

Since the launch of the Avaya Breeze™ Platform, we have been advocating the value of the Breeze platform to solve problems. Give us a use case (problem) and with Breeze, an innovative, scalable, secure solution can be developed in days to weeks. On hold time appears to be a major use case in need of an innovative solution.

In January, Forrester reported that 73% of customers say that valuing their time is the most important thing that companies can do to provide them with good customer service. So why make them waste time on hold (even if they are keeping up with their Instagram and Pintrest feeds) instead of actually helping them during that transition time from self-service to agent-assisted?

This is why I think eGain Corporation, one of our 2016 DevConnect Innovation Award winners, is onto something really big.

By creating the eGain Knowledge Snap-in for Avaya Breeze, Avaya customers can improve the overall experience and satisfaction of their own customers by making relevant information quickly available in a self-directed manner. In other words, eGain has innovated on Avaya a solution to the on hold problem.

How? By recognizing that an IVR user is calling with a smartphone, the Breeze-based workflow will work with eGain’s cloud-based knowledge base whenever the caller is queued between an IVR interaction and a contact center agent, presenting relevant content to the caller’s smartphone via SMS, based on the context of the information already collected via the IVR interactions, and allowing the user to self-select additional materials that are more visual in nature (such as basic repair-and-troubleshooting instructions, documents, or even video clips).

As a result, users can more often find their own answers before the agent becomes available. At a minimum, the customer will likely be better informed when talking to the agent, creating the opportunity for a shorter call overall.

Smartphone users have lots of ways to keep themselves busy while on hold. And while there is a certain enjoyable aspect to completing another level in whatever newest game you’ve loaded, nothing beats actually being productive when you have an issue you’re trying to solve. eGain’s Knowledge Snap-in and Avaya Breeze don’t just let end users mine for virtual coins in their spare time, they actually help turn those on-hold moments to gold for everyone.

Avaya Named a Leader in Gartner’s Magic Quadrant for Contact Center Infrastructure

Avaya is honored to be recognized as a leader in Gartner’s Magic Quadrant for Contact Center Infrastructure worldwide. Avaya has been the only vendor having the distinction of being named a Leader for 16 consecutive years. Each year the research organization creates a market view of key players for business users, reflecting business goals, needs, and priorities.

Contact centers have gone beyond phone calls with customers now expecting to communicate on their terms via text, IM, email, chat or video. For the past 16 years Avaya has created seamless and highly personalized experiences, building brand loyalty for companies all around the world.

According to Deloitte, 85% of organizations view customer experience provided through contact centers as a competitive differentiator. Todays companies must remain relevant by creating a single interface to connect customers with the correct resource each time, supporting their preferences. Supervisors and managers need real-time performance information to adapt immediately to situations to ensure optimized customer experience.

Avaya has focused its efforts on creating next-generation contact center solutions, creating communication strategies enabling a continuous transition between channels during customer interactions.

Please visit Gartner’s page to read the full report and see how Avaya’s Contact Center infrastructure continues to deliver best-of-breed Contact Center applications. We look forward to continuing innovation and leading business communications for the digital age.