12 Cloud Questions Every Company Should Ask Itself

Demand for cloud services continues to surge, driven by corporations interested in software flexibility and scalability. But how secure is the cloud? No surprise, analysts predict security products and cloud-based security services will be a nearly $9 billion market by 2019.

With recent high profile cyber-attacks at companies like Sony and U.S. government agencies, cloud security is in sharp focus.

As we said in August, the C-suite likes the cloud’s flexible OpEx model (often deployed as a subscription-based cloud service) but may not totally grasp the implications of adopting the cloud. This can lead to well-founded (and not so well-founded) fears about the security of a cloud solution. As a result, many large companies are investing in the private cloud, while slowing their use of the public cloud.

According to one estimate, companies with more than 1,000 employees use an average of 1,154 cloud-based services, “ranging from enterprise-ready services procured by the IT department such as Office 365 to far lesser known and riskier services such as FreakShare.”

The report further estimates that sensitive corporate data makes its way to the cloud routinely, with 15.8 percent of documents in file-sharing services containing some form of sensitive content.

As we mentioned in our mid-year review, “Cybersecurity concerns have led many decision-makers to take a step back and consider private cloud or hybrid solutions as the starting point. Intrusions into corporate databases at Target, Sony, Home Depot and, just recently, the hacking of 22.1 million Federal employee records have led companies to think twice. Security issues, which have always been part of the cloud debate, are now center stage.”

While the above-named breaches generated quite a bit of attention, a study by the Ponemon Institute showed that breaches are much more widespread, with an estimated 43 percent of companies having experienced at least one data breach in 2014. Clearly, the enterprise cloud and local applications are both under attack. So what are corporations expected to do?

The bright side of this story is that many of the same security practices used to secure traditional enterprise applications also apply to the cloud.

To focus on preventing the risk of data breaches, ask yourself:

#12: What is your company policy when it comes to managing sensitive data and file sharing? On average, more than 25 percent of employees will upload files containing sensitive data to the cloud. 

#11: Are your cloud-based applications being monitored for inbound and outbound traffic anomalies? The difference between a minor incident and massive breach often comes down to the ability to quickly detect, contain and mitigate an attack. Analysts at the Ponemon Institute estimate it took retailers, on average, 197 days to identify an advanced threat and 39 days to contain it, while financial services organizations needed 98 days to identify and 26 to contain.

#10: How flexible and collaborative is your IT department in meeting the challenges associated with new technologies and quickly responding to security threats? The majority of IT managers are seeing a shift toward more collaboration and pooling of previously siloed resources, opening up opportunities for better cloud security measures.

#9: Is your cloud service provider responsible for security? To fully secure data in the cloud, enterprise IT teams should never solely rely on their cloud provider. Ensure you have a solid security strategy in place that is agnostic to the location of your data and applications. 

#8: How do you handle the riskiest of apps, storage? Cloud-based storage applications have access to very sensitive corporate data, particularly financial data.

#7: When do you identify and stop malicious insiders? A 2015 Experian study claimed that employees, particularly those working remotely or using their own mobile device, accounted for more than half of security incidents last year. A current or former employee, contractor, or a business partner with access through IaaS, PaaS, SaaS or traditional infrastructure, can often be the source of an enterprise’s greatest risk.

#6: How do you protect credentials from theft? In 2010, Amazon was subject to a cross-site attack that used malicious scripts in a benign account to launch more attacks. Many companies are prohibiting the sharing of accounts and now require strong two-factor authentication techniques. 

#5: Are you ready for next-generation technology and the Internet of Things (IoT)? Gartner predicts that the IoT market will grow to 26 billion units by 2020. With the proliferation of connected devices, is it any surprise that IT managers are increasingly concerned about the security risk of those devices? 

#4: Do you allow employees to use their own devices? The rise of bring-your-own-device (BYOD) and bring-your-own-application (BYOA) means that many cloud services and tools are sneaking into organizations under the noses of IT leaders. In a recent survey, more than half of the IT respondents said that when it came to cloud services, the biggest challenge was assessing the security risk before employee adoption. 

#3: How do you define and determine the best ways to deal with cloud abuse? The Cloud Security Alliance defines cloud abuse as “a bad guy using a cloud service to break an encryption key too difficult to crack on a standard computer. Another example might be a malicious hacker using cloud servers to launch a DDoS attack, propagate malware, or share pirated software.” 

#2: What cloud technologies are being shared, and with whom? Cloud service providers often share infrastructure, platforms and applications to deliver their services in a scalable way.

“Whether it’s the underlying components that make up this infrastructure (e.g. CPU caches, GPUs, etc.) that were not designed to offer strong isolation properties for a multi-tenant architecture (IaaS), re-deployable platforms (PaaS), or multi-customer applications (SaaS), the threat of shared vulnerabilities exists in all delivery models,” writes the Cloud Security Alliance. 

#1: Are you using the right tools? 60 percent of UK IT managers surveyed by The Register‘s cloud survey said they were using VPN connections, but only 34 percent said they were using cloud firewalls or encrypting data at rest. “The numbers continued to drop in regards to other preventative measures until the bottom of the list where only 15 percent percent said they were using obfuscation or tokenization of sensitive data,” The Register reported.

How do you secure your cloud applications? How many cloud-based apps are your employees using today?

Follow me on Twitter at @Pat_Patterson_V

Related Articles:

2017 Avaya Customer Innovation Awards Honor Five Companies Leading the Way in Digital Transformation

Every year, Avaya and IAUG recognize a handful of customers who are innovators. These customers are recognized with Customer Innovation Awards. Last year’s award winners included a number of technology firms. This year’s five award winners, recognized on stage at Avaya Engage in Las Vegas, include three customers in the financial services sector, a leading global retailer, and a leader in the film production industry.

Each of these customers is benefiting from the latest Avaya solutions to meet business goals—whether the goals are growth, customer experience, cost management, or risk mitigation.

BECU

BECU, which began life 80 years ago as the Boeing Employee Credit Union, today is the fourth largest credit union in the US, with over $12 billion in assets and over a million credit union members. In 2016, BECU embarked on a digital transformation journey focused on the customer experience. BECU relies on Avaya Elite Multichannel running on an Avaya Pod Fx™ infrastructure.

BECU engineer Rick Webb says, “BECU is rapidly expanding and needed a technology partner that could support that expansion and keep our members happy. The Avaya Elite Multichannel infrastructure does just that, while providing increased flexibility and allowing BECU to better meet the expectations of our more than 1 million members.”

Green Shield Canada (GSC)

Green Shield Canada (GSC) is a one of the leading health and dental benefit carriers in Canada, with over 850 employees across seven locations. Starting last year, GSC is deploying the Avaya Equinox™ Experience and seeing strong results. Competing with larger players in its industry, GSC sees strong collaboration among its workforce as a key ingredient for success.

Jim Mastronardi, GSC Director for Enterprise Infrastructure says, “Green Shield Canada has over 850 employees across seven offices in Canada—from Montreal to Vancouver. We saw an opportunity to explore technology upgrades that would enhance company-wide communications and bring our teams across Canada closer together. With just a single training session, employees have hit the ground running with the Avaya Equinox tools. The video conferencing option has provided a solution to overbooked meeting rooms, and the instant messaging feature is already cutting down on the number of emails being sent.”

Scotiabank

Scotiabank prides itself on “being a technology company providing financial services.” As a long-time Avaya customer—and a beta customer for Avaya Oceana™ and Avaya Oceanalytics™—Scotiabank is on a digital transformation journey to better serve bank customers worldwide. Scotiabank contact centers located in Canada and the Caribbean & Latin America region have benefited from a next-gen centralized architecture leveraging the latest Avaya solutions to better serve customers.

Scotiabank has already developed and deployed Avaya Oceana and Avaya Breeze™ apps, and continues to innovate in an ongoing drive to improve customer service and meet customer needs in a competitive market. The success of Scotiabank’s transformation program has enabled the bank to move with greater agility, improved reliability, and speed to market. This has changed the framework for deployment from months/years to days/weeks while improving the overall ROI/TCO.

The Crossing Studios

The Crossing Studios is one of Vancouver’s largest and fastest growing full-service studios and production facilities for film. The firm caters to companies like Fox, Nickelodeon, Showtime, and Netflix. The Crossing Studios were unhappy with the stability and quality of the disparate systems previously in place across their seven studio locations. In 2016, The Crossing Studios deployed a Powered by Avaya IP Office solution offered by local provider Unity Connected Solutions.

Powered by Avaya IP Office has improved stability, reduced TCO and provided the advanced features that the business needs to serve a very demanding film industry client base, including high scale audio conferencing, extensive web collaboration, and rich multi-vendor HD video conferencing. CTO Mark Herrman says, “We needed something that would support our rapid growth, support our clients, and support our bottom line. Thanks to IP Office and the hosted cloud model, we’re able to keep pace with dynamic, fast-moving film productions, staying as flexible as our clients need us to be.” Estimated savings are in the six figures for the first year alone.

Walgreens

Walgreens is using custom Avaya Snap-ins to bring centralized contact center reporting capabilities to local branch sites, for compliance purposes and to help improve the overall customer experience. Avaya Professional Services were instrumental with the deployment, which relies on an Avaya Pod Fx infrastructure.

These companies are each leaders in their respective industries. As part of their digital transformation journeys, they recognize that when it comes to selecting a trusted technology advisor, “experience is everything.” #ExperienceAvaya.

Avaya Predictions for 2017 Services Trends: Top Focus is on Smart Customer-Centric Engagement

Recently, we asked six Avaya services experts to help us reflect on the past year and to peer ahead into 2017. Our panel:

  • Richard English, Managing Director, Avaya Professional Services
  • Camille Lewis, Product Management Director, Avaya Client Services
  • Barbara Sidari, Customer Engagement and Executive Cadence, Avaya Client Services
  • Thomas Brennan, Vice President of global support services, private cloud and managed services delivery
  • Michael Sale, Director Online Engagement, Avaya Client Services
  • Dan Pratt, Senior Director, Business Transformation and Strategy, Avaya Client Services

According to our six experts, our predictions for these 2016 trends proved to be spot on—and they will continue to be a force in 2017:

  • Use of hybrid/private cloud

    will continue to dominate for large enterprises until public cloud providers can demonstrate that compliance to privacy/security regulations such as HIPAA can be achieved. However, Public Cloud is quickly becoming a flexible and effective delivery model for the midmarket.

  • A flexible delivery model

    to achieve growth in modular steps that helps IT maximize ROI and support rapid business scaling has been, and will continue to be, extremely successful. Taking some of the burden off the enterprise enables IT managers to focus on more strategic corporate initiatives.

  • The need for person-to-person human touch

    will continue to rise. It will become critical in 2017 as unassisted support and self-healing systems grow smarter in identifying trends and problems before they happen and engage in machine-to-machine maintenance for resolution. The use of video will be more widely used, providing personalization and higher customer satisfaction.

The panel thinks that 2017 will mean an increasing focus on smart customer centric engagement when it comes to service. In 2017, it’s all about using analytics and even smarter technology to increase customer satisfaction (CSAT) scores, loyalty and revenue—and to achieve a better return on investment.

The Avaya panel sees these three trends emerging in 2017:

  • Transforming legacy systems and increased customer use of omnichannel will streamline the customer journey to increase customer satisfaction, loyalty and revenue.

    For example, many retailers will transform their Contact Centers into profit centers. The shopping experience for their customers starts on the mobile device or web-based applications—retailers want it to end with an order placed. The customer will experience a seamless transition from mobile to voice (or to web chat or video) without having to repeat who they are and what they want to purchase. The agent will already know the value of the customer to their company and will provide a personalized shopping experience.

  • Analytics, Internet of Things (IoT), and big data will enhance the experience of the Customer Journey.

    The predictive and preemptive active workflow will match people to people, machine to machine, as preferred by the customer for maximum satisfaction and profit. For instance, service vendors will use data captured from customer service requests, alarms, outage history, and project volume to identify risks and take appropriate actions to proactively mitigate issues. Utility companies can leverage web-based applications to proactively communicate to customers the status of affected service areas via maps on smart phones, reducing the burden of customers calling the service center to report an outage. Similarly alarm companies will analyze alarms and preemptively fix them before the consumer arrives home.

  • Demand for holistic application service management will grow as siloed and disparate cloud applications shift focus from managing assets in the field to delivering on business processes.

    Enterprises will need a dashboard that provides a single pane view by business process vs CPU performance. The workforce needs to be trained to leverage all the data in a way that includes human touch.

The year 2017 promises to be very exciting as service transforms and demonstrates its value by preemptively fixing issues before they become problems. It is imperative that knowing the customer and providing what they want, as well as the human touch, will become ever more critical in a big data world. After all, it’s all about the customer experience!

What do you see emerging in 2017? Drop me a note at sithomso@avaya.com

Avaya Aura® Platform—The Original Pragmatic Hybrid Cloud

In a recent InfoWorld post David Linthicum wrote of “an organic movement driven by rank-and-file enterprise IT people who simply want to solve their issues using the best technology and approach.” Linthicum called this the “pragmatic hybrid cloud.” Reading this from the perspective of someone with decades of experience in the enterprise communications market, my immediate reactions was, “Aha, he’s talking about the Avaya Aura® Platform.” He isn’t, but here I’ll explain why this thought struck me.

Linthicum writes, “What this movement has discovered is that you can combine the public cloud and modernize some of your legacy systems to be more cloudlike.” That is exactly what Avaya customers have been achieving in an evolutionary process spanning almost two decades. Long before the term cloud came into vogue, Avaya customers have been able to gain the benefits of the cloud paradigm while avoiding the need to comprehensively lift workloads to a public cloud provider and the need to wholesale forklift and abandon existing investments.

Today, many Avaya customers—including a large swath of the globe’s most notable organizations in industries ranging from financial services, to healthcare, to government, and many small and medium businesses—process their mission-critical workloads using a combination of premise-based solutions and both public and private cloud-served applications. It is a “pragmatic hybrid” approach that since the mid-2000s has provided these Avaya customers with unparalleled reliability, cost savings, and business agility.

The Avaya Aura Platform is the reason why. Avaya Aura had its genesis in a time tested methodology for allowing geographically distributed organizations to link islands of resources to gain economies of scale. Back in the day, to create either a contact center that followed the sun or a single enterprise communications solution that served the needs of a worldwide workface, expensive dedicated circuits were required. As IP Telephony evolved, companies began to use packet-switched technologies to more cost-effectively link together distant resources into single holistic systems. Rather than centralized in isolated locations, communications applications could now be seamlessly and cost-effectively shared across distances. This made new ways to organize communication assets and the work that depended upon those resources possible.

Avaya’s great insight was to take advantage of the session initiation protocol (SIP). Over time Avaya’s customers have “pragmatically” converted the networking connections of their existing standalone investments to create fabrics of SIP internetworked appliances. The Avaya Aura® Session Manager lets companies treat their owned assets as part of a private cloud and combine those resources with public cloud capabilities both from Avaya and from a growing ecosystem of additional providers. It is a strategy that has resulted in significant cost savings while unleashing new innovation.

Today the Avaya Aura Platform has moved far beyond simply a “pragmatic hybrid” for sharing resources. It has become a strategic tool for many organizations. It gives companies a flexibility and agility to adapt and reconfigure at the speed of business. Avaya Aura has also opened the doors to both internal Avaya inventions and new external development.

Avaya Breeze™ Platform is but the latest application development platform that takes advantage of Avaya Aura. Avaya, Avaya’s customers, and an industry of third-party companies are leveraging Breeze with their own creativity for solving business problems. Breeze allows the creation of unique ways to leverage the inherent capabilities of Avaya products in combination with cloud and third-party capabilities. Whether those assets reside in a private data center, on premises-based servers, or in public clouds, because of the Avaya Aura Platform, the only barriers to progress are the limits of human ingenuity.

Linthicum concluded that, the “pragmatic approach is very sensible. It makes the most of what you have, reducing the need for new resources and letting you transition to the cloud at a pace you can handle, both in terms of cost and time.” Your Path, Your Pace, Your Choice, where have I heard that before? Avaya circa 2004 maybe? Nice to see the industry finally following Avaya’s lead.