Utilizing Virtualization, the Cloud and How Your Business Can Stay Cyber Safe
Many business owners rely on computers for their daily tasks, conducting sales, and interacting internally and externally with customers. In their day-to-day roles, computer programs and the internet are virtually inescapable. For Jeff Dettloff, founder and CEO of Providence
Consulting, keeping up to date with technology, all while remaining safe online, is his full-time job. The company provides technology services, including equipment, licenses, user support and mobile infrastructure such as servers, switches, virtualization, the cloud, etc.
Dettloff began Providence Consulting in 2003 after significant changes and advances with computer technologies and Microsoft Office occurred, sensing business owners would need help with these advanced technologies. The electronics engineering technician launched the company with humble beginnings, and organic growth led to Providence Consulting’s consistent year-over-year double-digit growth.
Two much-used resources for many businesses are the ideas of virtualization and the cloud. While widely used, they’re also commonly misunderstood. Keeping files digital is convenient for business owners as a relatively fuss-free option compared to keeping paper copies or bulky filing cabinets.
According to a July 2018 Business News Daily article by Andreas Rivera, the cloud and virtualization are two seemingly interchangeable terms. Although similar technologies, Rivera argued their differences are significant enough to note.
“Virtualization is the fundamental technology that powers the cloud’s computing,” Rivera said. “This software separates compute environments from physical infrastructures, so you can run multiple operating systems and applications simultaneously on the same machine.”
Rivera continued to break down the two pieces of technology: “Virtualization is software that manipulates hardware, while cloud computing refers to a service that results from that manipulation.”
Dettloff said virtualization introduced a cost-savings method versus having to buy multiple physical servers and pieces of hardware. The technology allows users to run multiple computers virtually on one device. Many people get virtualization, and the cloud confused because they are both intangible things. Most businesses and consumers alike are familiar with the cloud programs, including social media platforms like Facebook and Instagram, Microsoft Office or Dropbox.
Chris Weiss, chief technologist for the Lansing-headquartered information technology firm Dewpoint, said cloud services can be both internal and external. “There are millions of cloud offerings, and more are coming online every day,” Weiss said. “Most people don’t realize that almost all mobile applications rely on some sort of cloud services backend. Cloud services are everywhere. Many organizations are leveraging cloud models for their internal IT as well. VMWare and many other vendors are creating cloud interfaces to existing virtualized infrastructure. This is greatly simplifying the provisioning of resources for internal IT.”
Because of this and other confusion or lack of knowledge about system programs and capabilities, users are at risk. Since users don’t know what they have, they cannot protect it or manage the risk, according to Dettloff.
“Security is all about risk management,” he said. Just like you might put an alarm system, a fence and cameras on your physical property, you should have the same sort of cybersecurity in place.
According to Don Cornish, Dewpoint chief information security officer, it is important businesses know what “normal” is for their systems. “Know what is on your network and where your critical data resides,” he said. “Know what normal looks like from a network or system perspective. If you do not know what normal looks like it is very difficult to look for anomalous behavior.”
The main drawback of cloud services is the varying levels of security. Many huge corporations have been victims of data breaches, hacks and unintentionally leaked millions of personal records. Everyone from Facebook to the Internal Revenue Service has experienced data breaches. As technology advances, these breaches are becoming more common. These ever-evolving technological advances are the prime factor in what makes catching these hacks, phishing emails and scams even harder to catch or prevent.
“The threat is constantly changing,” Dettloff said. He compared the idea of cybersecurity to that of the flu epidemic. Every year, the Centers for Disease Control and Prevention informs citizens how to keep germs at bay – simple common-sense methods like washing hands, covering your sneezes or coughs, staying home when sick, etc. Dettloff compared the need for repetitive, constant training on cybersecurity to the repetition of how to keep yourself from getting seasonal illnesses.
“People need to be frequently reminded,” Dettloff explained.
Founded in 1996, Dewpoint has a long success record of helping develop short- and long-term strategic technology plans for organizations, according to company Vice President Michelle Massey.
“Dewpoint collaborates with enterprise clients across numerous industries, including state and local government, health care, financial services, biotechnology, manufacturing, insurance and more,” Massey said.
From a business standpoint, despite repetitive cybersecurity training, interactive videos and pop quizzes, many employees still receive and act on phishing emails. This is because hackers have often studied behavioral patterns, use key buzzwords that entice email users or have researched an organization to find weaknesses. Many times, these emails appear to come from trusted sources, and employees who are merely doing their job take the bait. By clicking the malicious link, their personal information is taken within seconds.
According to Dettloff, the statistics show that about 16 percent of people will click the link in a well-crafted phishing email. But if the message comes from a trusted source, the percentage increases well over 20 percent. While only 5 percent to 8 percent of people will put in their credentials when asked during the attack, sometimes malware software is already being installed on their computer without the user knowing. Frequently targeted organizations include financial services, real estate and title companies, government and health care organizations.
Many companies don’t hire outside support like a consultant because they view it as an unnecessary expense or see the trainings as a distraction from everyday work. According to Dettloff, this is a huge mistake because cybersecurity is much like insurance: You don’t need it until you really need it.
“From a business owner’s perspective, they need to hire an expert that can help guide them through a risks assessment,” Dettloff explained. “Then look for gaps that need attention, then begin to fill those gaps with the proper security measures.”
Providence Consulting works with many nonprofits, law firms, architectural firms, heatlh care organizations, government entities and educators, ensuring that their data and users remain protected.
“Our biggest challenge is helping people understand that you need to do it now, not later,” Dettloff said. Once companies come to Providence Consulting following a cyberattack, the follow-up plan is often the same training that should have been used as preventative rather than clean-up post-data breach.
October is National Cybersecurity Awareness Month. Cyberattacks can be avoided if users continue to utilize caution diligently while on the web both in a professional and personal manner. To learn more on how to stay cyber safe visit makingtecheasy.com or dewpoint.com.