Benefits of SaaS

Most business owners face the ongoing challenge of reducing costs yet at the same time driving increases in revenue. One way for a business to reduce costs is to invest in SaaS applications. Not familiar with SaaS? Gartner defines software as a service (SaaS) “As software that is owned, delivered and managed remotely by one or more providers. The provider delivers software based on one set of common code and data definitions that is consumed in a one-to-many model by all contracted customers at anytime on a pay-for-use basis or as a subscription based on use metrics.”

You might be asking yourself, What are a few examples of SaaS applications? SaaS applications include but are not limited to, Google, Twitter, Salesforce, and Mozy cloud backup. Because SaaS applications have significant benefits, they are rapidly penetrating the IT market. Benefits include low cost, pay-as-you-go subscription model, and little to no maintenance for the business owner.

As already mentioned, cost savings is always front of mind for a business owner. SaaS applications can save businesses money on multiple fronts. The biggest cost savings come in the form of not needing to purchase any on-premises hardware. The SaaS provider supplies the appropriate software and resources to get the customer up and running quickly. Using Mozy as an example, the customer purchases the Mozy service and then downloads the Mozy backup software via a silent install. In a relatively short time, the customer can be securely backing up important files.

The pay-as-you-go business model is simple yet efficient. Pay as you go gives you the benefit of accurate budgeting practices as well as the ability to forecast accordingly on costs as you scale your business. Pay as you go also gives you the flexibility of not being tied down by lengthy contracts that can hinder your business operations.

An additional benefit of being a SaaS customer is that the provider is responsible for making sure systems are up to date and that security is handled effectively. This is a huge upside for the customer because the IT department can utilize its time and resources on business-critical priorities. Security is something that SaaS providers do not take lightly. For example, Mozy data centers are world class, embracing the highest of security measures, including 24x7x365 onsite monitoring and security, temperature controls, backup power supplies, fire suppression systems, and biometric scanners.

The benefits of SaaS go far beyond what we’ve discussed in this post. SaaS applications provide numerous benefits across many different industries making it one of the fastest growing industries. In October of 2014, EMC further showed its commitment to the SaaS industry by acquiring Spanning, backup for born-in-cloud applications such as Office 365, Google Apps, and Salesforce. If you’re not already taking advantage of SaaS applications, now is the time to be asking yourself, “What can SaaS do for me?”

Why Should You Be HIPAA Compliant?

HIPAA, otherwise known as the Health Insurance Portability and Accountability Act, sets certain standards for how you handle and safeguard patient data. If you are in the healthcare business, you are required by law to be in compliance. But what does that mean exactly and why is it important? Let’s examine compliance a little closer so you can understand why it is a must for your business.

What It Means to Be HIPAA Compliant

There are many elements that make up the security standards set forth by HIPAA. In order to be compliant, you must meet all of them and continue to evaluate your systems as you move forward.

Safeguards

There are two main types of safeguards that you have to put in place: physical safeguards and technical safeguards.

Physical safeguards cover anything physical, including limited access to the facility and strict controls on who gets access. These safeguards also extend to any company you are working with that has access to your facility and the electronic storage media you use as well.

Technical safeguards cover who, what, and how people access and use the health data stored on your servers. This includes various aspects of security such as unique user IDs, emergency access policies, automatic log off policies, and encryption and decryption methods and usage.

Network and Transmission Security

One of the latest safeguards put in place by HIPAA is network and transmission security. These regulations cover how you transmit data and govern everything associated with that data, including email, file transmissions, Internet, and more. These policies not only dictate how you handle transmissions from one network to another, but even how data is handled on private networks as well.

Technical Policies

These policies include how you handle data and media in your organization. Set procedures and plans must be put in place for things such as disaster recovery and offsite backups, and even include how IT will handle any media failures to ensure the integrity of patient data and the policies you will use to quickly retrieve that data if needed.

Rule Enforcement

In addition to your security policies, you must put in place procedures to follow to enforce the new rules put in place and include the penalties that can be incurred if employees do not adhere to the standards and procedures to the letter. You must also continue to enforce these rules as you move forward.

Breach Notification

HIPAA extends far beyond what you would consider traditional security. In order to be HIPAA compliant, you will need to put in place set policies and procedures to follow if there is a data breach. These policies include how you notify any affected parties.

So Why Try to Be Compliant?

Why bother agreeing to these complicated regulations just to reach compliance? The quick answer is that compliance is the law! If you are dealing with anything healthcare related, including patient records, you must be compliant in order to conduct business. Second, compliance can be a huge selling point for your business, even you don’t deal with healthcare data today. Security has become an increasing concern among both businesses and individuals, and if you meet the government standards for security, you will be able to advertise that to your customers.

Conclusion

HIPAA compliance is complicated yet must be followed and adhered to by any business or individual that handles healthcare data. The more familiar you become with these regulations, the less likely you are to fall out of compliance. As complicated as HIPAA is, there are benefits. Not only will your business be more secure,  it will meet important government standards that safeguard sensitive data. That’s peace of mind to your security-minded customers.

The Nuances of Cloud Computing

The cloud has already changed the way data is stored, and while cloud storage is the most common feature of cloud computing, it is by no means the only, or the most innovative aspect of this digital resource. Here’s a look at cloud computing and what it can do.

Storage and Computation
The cloud does a lot more than you might think. For instance, cloud computing is used for gaming, especially by Microsoft in regards to the Xbox One console. While the cloud is great for data storage, it can also be used for computing tasks via the Internet. The Xbox One may boast some pearly specs, but what makes it truly powerful is that it can outsource some of the computations to the cloud which in turn allows the console to deliver better graphics, a higher frame rate, and increased bandwidth.

Another benefit of the cloud is that it’s cost effective. If you use it primarily for storage, the amount of storage you get for the cost is the best deal on the market. If you were to buy external hardware for data storage, for instance, it would be a far larger investment.

The flexibility the cloud provides is its biggest benefit. Access extra computing power or any data anywhere you are. Whether your work requires travel, or you find yourself most productive out of the office, the cloud works for you.

Storage Encryption
When data is stored in the cloud it is encrypted at the point of travel and while at rest within the cloud’s physical data center. When the data arrives at its destination an integrity check is applied that compares the data sent to the data received. This weeds out any anomalies or potential tampering that may have occurred in transit. However, the true security is the cyber perimeter, hosts, and applications. While in-transit data is a concern, data centers are big targets for potential cyber threats. Sophisticated data center operations help ensure that your data is secure regardless of the type of threat its exposed to.

The Cloud and Businesses
The cloud has changed businesses forever. Boiled down, the cloud is a cost-saving technology. It is an easy way for businesses to share information, projects, and resources with employees, clients, and customers.

Not only has the cloud made the cost of operations lower, it has also made it easier to start a business. This has led to a influx of startups and entrepreneurship around the world. Small companies can share collective infrastructure costs in the form of  subscription-based cloud services, such as Mozy by EMC. Small businesses are no longer tasked with a grand initial investment in terms of computing infrastructure, which promotes creativity in terms of new startups.

Mobile workforces have become common. A central office is no longer needed for businesses, especially small ones, which cuts costs even further because the cloud can be accessed by employees anywhere. Quite simply, cloud computing has changed where and how people work in profound ways.

What do you want in 2016?

It’s 2016. That’s right, another new year is here. If you’re like most people, you probably feel obligated to come up with a resolution or two. You can do that by quickly analyzing the past year, determining what you did well, admitting what you didn’t do well, and then deciding what you would like to accomplish this year.

At this point, you probably should be asking yourself two questions:

  1. Do I want to change?
  2. How do I want to change?

Let’s start with the first question: Do I want to change? If the answer is yes, then move on to the second question, How do I want to change? If the answer is no, then do nothing. Just keep on doing what you’re doing. Face life as it comes at you. Nothing wrong with that.

Answering the second question requires some courage because if you’re being honest about where you are in life, you’re going to have to admit that you’re doing some things well and other things not so well. Or maybe you’re not doing them at all.

You probably already know what you’re doing well. Usually, those are the things you do with confidence and with endless energy and lots of enthusiasm. On the other hand, the things you aren’t doing so well aren’t always so apparent. This is where a good friend comes in handy. If you want to know what you aren’t doing so well, just ask a friend. But be prepared because you might not like the answer. And your good friend (at least for now) might even take things to the next level by telling you what you’re not doing at all but should be doing.

If after asking your friend what you need to work on convinces you that he or she is right, then take some quiet time to reflect on how you can make improvements. In some cases all it might take is a minor adjustment or two. Sometimes just being aware of what you’re not doing well or what you could be doing is motivation enough to get you to do it.

Answering the question “How do I want to change?” requires courage because you have to do more than just face life as it comes at you. You’re not just reacting to life. Instead, acknowledging that you want to or need to change requires action. Action is a verb. You’re deciding what’s important to you and you’re going to do something about it—now. In simple terms, you’re deciding that you want to get from point A to point B. So you come up with a plan. The outcome is important enough to you that you’re committed to that plan regardless of the challenges or the unexpected. You’re going to succeed! You’re going to make 2016 a great year!

From all of us at Mozy, best wishes to you in 2016. Your future is as bright as your commitment to make the changes you decide you want to make.

When Old Tech Becomes New Tech

Every few years we are forced to upgrade the devices that are so much a part of our everyday lives. In fact, we explored the limited lifespan of technology in a recent blog post. For example, the resolution on your new camera soon becomes grainy when compared to what’s available just months after you’ve made your purchase. Smartphone operating system upgrades soon make it impossible to run the apps that you so love. That 42” TV just doesn’t show your football game like the new 80” 4K Ultra HD that stares you down every time you hit the electronics section of your favorite store.

The rapid advance in technology is causing a glut in tech devices such as computers, mobile devices, camcorders, game systems, computer hardware, and video players. In 2014 the world produced 41.8 million metric tons of e-waste. To put that in perspective, that amount of garbage would fill 1.15 million 18-wheel trucks. If you lined up those trucks they would stretch from New York to Tokyo and back again! The EPA estimates that only 15-20% of e-waste is recycled and the rest goes to the landfill. Once the materials in the computers start to break down or are incinerated, they release a variety of toxins that are harmful to the environment as well as to humans. Unfortunately, a lot of that e-waste could have been recycled, up-cycled, or useful to someone else.

I found out that I am part of the 68% of consumers who are stockpiling old devices for no reason. For starters, I have an old iMac G5, a ‘90’s Compaq computer, and a handful of phones and mp3 players. You can probably relate. So it’s time we start doing something about the problem! It’s time we stop dumping them and adding to the fastest-growing source of waste; instead, we can save time, space, and money by properly “disposing” of out-of-date devices.

There are many local organizations that would love your old tech; for example, schools and low-income members of the community. And your donations are tax deductible. If you don’t want to spend the time to find a taker, there are organizations that will pick up your items, refurbish them, and donate them to someone in need. human-I-T is one organization in particular and is a non-profit that transforms unwanted or inoperative technology and makes it operational again for those in need. Consumers as well as companies like LinkedIn, Google, and Cars.com have all reduced e-waste and benefited the community by donating technology to human-I-T.

If you are worried about the data on the device, organizations that refurbish outdated technology follow strict guidelines on removing data from devices so that it can no longer be accessed. This process follows guidelines specified by such laws as Health Insurance Portability and Accountability Act (HIPAA) and Federal Information Security Management Act (FISMA).

Your old tech can find new life with low-income families, veterans, those with disabilities, and schools and organizations. Consider that in 2014 human-I-T was able to divert more than 15 tons of e-waste from landfills. But even more importantly, what was once considered waste was turned into tools to help kids to stay current in their studies and the unemployed to find jobs.

Source;
https://www.causesinternational.com/ewaste/e-waste-facts

The True Cost of Poor Cybersecurity

It might be the oldest attitude in the books: “It won’t happen to me.” Or, “I’ll take care of it later.” But there is a reality that can be costly to businesses, even to the point of taking a business offline or out of commission for good. We’re talking about cyberattacks. They can happen to anyone, anytime. The cost? —Six figures? Seven figures? Ten figures? Depending on the size of the business, any one of these amounts is possible. Take a look at our infographic to explore the true cost of poor cybersecurity.


THE TRUE COST OF POOR CYBERSECURITY: The 5 Worst Data Breaches and Most Costly Viruses
Everyone thinks it always happens to someone else and they are safe from a cyberattack. The companies and individuals on our countdown certainly thought that. Cyberattacks can happen to anyone at anytime.   Whether it is hackers or self-replicating viruses, poor cybersecurity can end up costing you a lot.

5 Worst Data Breaches
#1 American Business Hack
Year: 2005–2012
Records Lost: 160 million
A hacking ring from Russia and Ukraine targeted banks, retail chain stores and payment processors, stealing more than 160 million credit and debit card numbers and more than 800,000 bank account numbers.
#2 eBay
Year: 2014
Records Lost: 145 million
No credit card information was compromised; however, hackers stole customer names, addresses, date of birth, and other personal information. Password information was also compromised. The online auction house simply asked customers to change their passwords immediately.
#3 Heartland Payment Systems
Year: 2006–2008
Records Lost: 130 million
Heartland, one of the world’s largest payment processing companies, was hacked using malware, resulting in the loss of credit and debit card numbers. The mastermind behind the crime was given a 20-year jail sentence, the longest handed down for a computer crime. Heartland ended up paying credit card companies $100 million in claims settlement related to the breach.
#4 TJX
Year: 2003
Records Lost: 94 million
The parent company to stores like T. J. Maxx and Marshalls has said hackers took credit and debit card numbers, and in some instances entire customer identities were stolen, including driver license numbers. The breach ended up costing TJX $256 million and was masterminded by the same person who was in charge of the #3 Heartland hack on the countdown.
#5 Anthem
Year: 2015
Records Lost: 80 million
Names, Social Security numbers, and other sensitive information ideal for identity theft were taken from the second largest health insurance company in America. The hack was said to have originated in China.
5 Most Costly Viruses
#1 MYDOOM
Year: 2004
PCs Infected: 2 Million
Damages: $38,000,000,000
MyDoom was a worm spread through e-mail. 1 in 4 e-mails carried the virus at one time. Mydom was a line in the program’s code (mydomain) and thus, after adding an “o”, it was named.
#2 SOBIG.F
Year: 2003
PCs Infected: 2 Million
Damages: $37,100,000,000
Self-replicating worm spread through e-mail.
#3 ILOVEYOU
Year: 2000
PCs Infected: 500,000 (That’s about 10% of the world’s computers at the time)
Malicious program hidden in an email attachment. ILOVEYOU was the first virus that attached itself to an e-mail.
#4 CONFICKER
Year: 2007
PCs Infected: 12 Million
Damages: $9,100,000,000
Confliker was a worm that scanned computers for weaknesses, logged keystrokes and downloaded code from hacker websites. This virus is still active and as of August 2015, is still infecting about 1 million computers worldwide.
#5 CODE RED
Year: 2001
PCs Infected: 1 Million
Damages: $2,600,000,000
Code Red was a worm that exploited an OS vulnerability, actively looking for other machines to attack. It took down and defaced websites, most notably whitehouse.gov. It was nicknamed Code Red because the pair who discovered the virus were drinking Mountain Dew Code Red at the time of discovery.
35% of businesses have lost data due to flawed IT security. Don’t be caught unprepared. Let Mozy help you manage your cloud security needs.
Visit http://mozy.com/product/features/military-grade-security to learn more about how Mozy can keep your data safe and secure.
Source:
http://www.kaspersky.com/about/news/virus/2013/35_of_businesses_have_lost_data_due_to_flawed_IT_security
https://www.washingtonpost.com/news/the-switch/wp/2015/02/27/security-firm-finds-link-between-china-and-anthem-hack/
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches
http://www.huffingtonpost.com/entry/biggest-worst-data-breaches-hacks_55d4b5a5e4b07addcb44fd9e
http://www.tomsguide.com/us/biggest-data-breaches,news-19083.html
http://www.cio.com/article/2399262/data-breach/the-15-worst-data-security-breaches-of-the-21st-century.html?page=2
http://computer.howstuffworks.com/worst-computer-viruses.htm#page=4
http://uk.norton.com/top-5-viruses/promo
http://www.hongkiat.com/blog/famous-malicious-computer-viruses/
http://www.investopedia.com/financial-edge/0512/10-of-the-most-costly-computer-viruses-of-all-time.aspx
http://www.computerworld.com/article/2956312/malware-vulnerabilities/remember-conficker-its-still-around.html

We want your feedback! Really! (And you might win a prize)

Every now and then we all need help with the software. So what do you do? You contact support! As a Mozy customer, we hope that whenever you have a question about the Mozy service that you don’t hesitate to get in touch with us. It’s our job to help you resolve any issue with the Mozy backup software.

Because we want to do our job to the best of our abilities and because we want your experience with Mozy Support to be a pleasant one, we’re inviting you to let us know of your recent experiences with Mozy Support. What feedback do you have from a recent Mozy Support Portal experience? For example:

•  How did everything go?
•  Are there areas where we can improve?
•  If you could change the way we handled your case, what would that be?

By providing us with constructive feedback on your support experience, not only will you be helping us make improvements to the Portal, you will be helping other Mozy customers who reach out to us in the future with a similar issue. And you just might win a fabulous prize. Wait! Did someone say prize? Yes, we did!

How can you win a prize? Simply send us your ideas for a chance to win. It’s that easy. Do you want to learn more? Are you ready to submit your idea? Maybe you just want us to cut to the chase and tell you what the prizes are? For answers to all of these questions and more, click here.

 

Securing Your Data in the Cloud

In the late ‘90s when consumer Internet was relatively new, there was a controversy swirling around online commerce: is it safe to use your credit card online? Fast forward to today. Online commerce is ubiquitous, and one of the largest credit card breaches recently occurred in Target’s brick and mortar stores. Now with enterprise cloud computing, there’s another controversy swirling: is it safe to store your data in the cloud? As a provider of EMC cloud services—including Mozy and Spanning—and in working to tier our on-premises storage products to an EMC object service, I’m often asked this question. The answer depends upon the level of security deployed by the cloud service. Just as online commerce sites vary in their level of sophistication, so do cloud services when it comes to security features, operations, and compliance.

By federating identity and authentication with employees’ corporate authentication service, IT can make access to these services more convenient and more secure. Revoking a former employee’s corporate credentials also revokes access to the associated cloud service. Data should be encrypted in transit and at rest, and customers should have an option to either use encryption keys provided by the cloud service or apply their own corporate encryption keys. To validate that the data arriving in the cloud is exactly the same as from the point of origin, the service should apply a payload integrity validation check, which safeguards against either accidental or intended corruption in transit. And a solid role-based access schema will ensure authorized users can only perform the duties for which they are intended, reserving privileged/administrative rights to the few, while allowing capabilities such as simple reads and writes to the many. Finally, to respect data sovereignty laws, the service should provide geographical data residency options.

Now that the right data has landed in the right place, let’s review the data center operations to make sure it stays that way! Physical access must be strictly controlled on building and cage entrances by professional security staff utilizing video surveillance, alarm systems, and other electronic means, while legitimate access is granted through two-factor authorizations (for example, passcode and fingerprint) and strictly enforced visitor policies. But even more important is cyber hardening of the perimeter, hosts, and applications. Even one security hole in the perimeter could be exploited to gain access through the intended boundary, allowing access to the high-value servers and data within the product environment. In this sense, an ounce of prevention goes further than a pound of cure. Steps like ongoing vulnerability monitoring (especially critical zero-day vulnerabilities) and solid patching practices are essential. Add to that a practice of gold image creation and maintenance that contains all necessary configurations to ensure the hosts are configured securely; for instance, all unnecessary services are turned off at install. Access management is also crucial, and increased security measures for legitimate administrators, such as two-factor authentication with one-time passwords like with RSA’s Secure ID capabilities, go a long way in preventing brute force password hacks.

The next step in prevention is early detection. While the expectation of a perfectly hardened environment is a noble one, in reality, active monitoring provides an ideal air cushion in the event a flaw is exploited somewhere along the way. Tools such as RSA Security Analytics provide alerts from both unexpected log activity and indicators of compromise within the active network traffic flow, while ensuring log and network capture data is maintained in an unalterable state for future investigations and forensic needs. And in case the worst happens, the service needs a trained incident response and containment team available 24/7.

How does one know that a service is taking these measures? That’s where it can be helpful to have a thorough attestation of the level of security provided. There are self-certification attestations, such as assuming responsibility as a Business Associate under HIPAA, and there are independently certified attestations, such as SOC I or 2 Type 2, ISO 27001:2013, just to name a few. In addition, some services employ security professionals to help address customer-specific inquiries and reviews.

When it comes to security there are no absolutes, but with the right security features, operations and compliance in place, a cloud service can provide the same or better protection than on-premises data protection options. After all, corporate IT environments are also susceptible to attacks, and most of them are not held to the same standards or external reviews described here.

Data on the Horizons…and Horizon

It’s getting closer to that time of the year when we start reading about the biggest events that transpired during the past 12 months. Sure, we haven’t entered the month of December yet, but holiday lights and decorations are on the shelves, so why not talk about one of the biggest events and its associated data even before 2015 ends?

Although NASA’s New Horizons spacecraft was launched January 19, 2006, it qualifies as one of the biggest events of 2015. That’s because its six-month flyby of Pluto didn’t occur until July 14 of this year. That’s not surprising, considering that Pluto is 2.66 billion miles away from Earth (when the two planets are closest). That’s a long, loooong way away. To help put things in perspective, the Earth’s moon is 238,900 away. Pluto is 11,000 times further away from us!

Just how important is the New Horizons mission? The National Academy of Sciences has ranked this space mission as the highest priority for solar system exploration. Its purpose is to understand where Pluto and its moons fit in with the other objects in our solar system, according to NASA.

Even though New Horizons didn’t do its flyby of Pluto until this year doesn’t mean important science wasn’t happening before then. About a year after its launch in February 2007, New Horizons did a flyby of Jupiter, gathering all sorts of important data, including about the planet’s great storm systems and why they change colors. And from the start of its mission, the New Horizons spacecraft began collecting and storing data on its two 32-gigabit (“bit” not “byte”) hard drives.

About two months after New Horizons passed Pluto and its moons, the mission team back on Earth began downloading the tens of gigabits the spacecraft collected and stored on its digital recorders. The download, which started in September, will take about 16 months to complete. That’s because even though the radio signals that contain the data are moving at light speed, it takes 4 ½ hours to reach the Earth.

When you’re talking about 4 ½ hours, you’re talking about a lot of time, at least by Earth’s standards, especially if you’re talking download time. 4 ½ hours…270 minutes. That’s no New York minute! You can watch a couple of movies in 4 ½ hours. With the New Horizons transmitting at 1 KB per second, it kind of makes it hard to complain about today’s high-speed Internet speeds, even when they’re slow. If it took that long to download your favorite movie, you might break out the Scrabble board instead. Or if you’re patient, your Friday data night might actually work its way into Saturday, which might not be a bad thing, depending on how well you’re getting along with your date.

With the new year just around the corner, now is as good a time as any to look back at all of the big events of 2015 and consider how much we rely on technology, and how easy—and fast!—it is to download, access, store, forward, and receive the data that makes our world go around. With the ever-increasing speed at which we’re creating data these days, you can only wonder what’s on the horizon.

You proved that haiku can be scary!

Your haikus scared the “h” out of “gost,” so now we can deliver the prizes!

We are pleased to announce the winners of our 5th Annual Mozy Frightful Computer Haiku Contest. You, dear customers, made us proud by putting the chupa back in chupacabra. We’re not going to lie to you: There were so many wonderful submissions this year that we didn’t think we had a gost (remember, the “h” ran off) of a chance to select just three winners. So many great haikus, but only three prizes to award. After much wailing and gnashing of teeth, we selected our winners:

Winner:
Data left for dead,
Noose around its neck? …Mozy
Won’t leave you hangin’!
—M. Neal

Winner:
Late at night he comes
The Grim Reaper and his scythe
Ach! My head is gone!
—Marci Humphreys

Winner:
Zombies and vampires
are nothing when compared to
running out of treats!
—CIMHsv

Congratulations! Each of our winners will receive a $50 gift card. (Winners, please email us at stories@mozy.com and please include your name and mailing address.)

We understand that some of you may be disappointed that you didn’t win, but there’s always next year. So check back with us next October. In the meantime, enjoy your Halloween candy and practice writing haikus.

Back up with Mozy
Even if you didn’t win
There’s always next year

Continue to back up your files with Mozy. Anything less would be scary. Be safe.