Posts Tagged ‘management’

Cloud Computing and the Risks of Shadow IT

Posted on: August 29th, 2014 by billp

We’ve written at length about the many benefits that cloud computing can bring to your business, such as lower costs, faster time-to-delivery, improved reliability, improved scalability, etc. However, with all of these benefits come risks that many businesses ignore or don’t even realize are present. The proliferation of inexpensive (or free, which can present its own set of problems) browser-based cloud services and solutions allows business users to effectively be independent of any business or IT oversight, creating what is commonly called “Shadow IT.”

Technology consulting firm PricewaterhouseCoopers (PwC), in a recently published report, stated “the culture of consumerization within the enterprise — having what you want, when you want it, the way you want it, and at the price you want it — coupled with aging technologies and outdated IT models, has propelled cloud computing into favor with business units and individual users.” The risks from shadow IT include issues with data security, transaction integrity, business continuity and regulatory compliance, technology and service (and cost) redundancies, among many other risks.

Business users often blame IT for being too rigid and slow to respond to changing business needs. IT providers – whether in-house or outsourced – are tasked with long-term IT sustainability, manageability, solution compatibility, and support; in other words, long-term, cost-effective IT strategy. Complex IT infrastructures require careful planning in order to ensure changes are well-integrated with existing systems and processes. Business users who want a solution now often skip through a lot of the due-diligence that would normally fall to the IT department, and forget to think about things such as security and proper service level agreements when looking at cloud providers.

Take, for example, Dropbox, the popular file-sharing and synchronization solution. Dropbox is extremely powerful and has a free/basic option that provides users with 2 GB of storage. A lot of business data can be stored in 2 GB! The recently announced improvements to Dropbox Pro, the lowest-cost paid tier of service, allow users to store 1 TB of data in the cloud for $99.99/year. A departing or disgruntled employee could, with 1 TB of storage, copy most or all of your business data off-site and you’d never know it! We at Colden Company have seen many business users using the consumer-focused Dropbox Basic plan for business files, but what works for family pictures may not be the best solution for business files, opening the business to unacceptable security, legal, and financial risk.

Consider just a few of the risks something as seemingly innocuous as Dropbox file syncing can present to your business.

  • Data theft – Business owners may not know when Dropbox is installed, and are unable to control what data employees are creating on or synchronizing to personal devices (smartphones, tablets, personal computers, etc.). These personal devices exponentially increase the risk of business data falling into the wrong hands.
  • Data loss – Dropbox allows employees to create – and delete – data on the service that does not synchronize to any in-house (i.e. backed-up) source. Dropbox has some built-in backup and recovery features, but they are insufficient for most business data retention needs.
  • Lawsuits and compliance violations – Companies in regulated industries face a real risk of becoming non-compliant with data security and privacy obligations without even realizing it. Dropbox offers the ability for users to share data from the service with anyone and offers limited in-service file access controls for shared Dropboxes.
  • Security – Dropbox does not encrypt any locally or cloud-stored data.

While we are using Dropbox as an example, the same risks are present for many free or inexpensive cloud services that can be easily implemented without business or IT oversight. Other services that can present business exposure include data sync and sharing services such as Box, Google Drive (Docs), or Microsoft OneDrive; cloud backup services such as Carbonite, Mozy, or CrashPlan; or even business solutions that can contain critical data such as, Microsoft Dynamics, or Basecamp.

The good news for business owners is that there are cost-effective alternatives to all of the above-listed services/solutions that can be managed by business owners and IT providers. By reviewing the business needs of users and working in conjunction with your IT provider, a managed, secure, and reliable solution that is well-integrated with your existing IT investments can always be identified. Whether it’s file synchronization, backup, remote data access, CRM, or any cloud solution, shadow IT will put your business at unnecessary risk.

Work with Colden Company to reduce the risk of shadow IT by allowing us to identify carefully tested, secure, and integrated solutions for your cloud service needs. Protect your existing IT investments and your business by taking control with a trusted IT advisor. Contact your trusted IT advisor at 888-600-4560, via email at, or via Facebook or Twitter.

Should Your Business Have Cybersecurity Insurance?

Posted on: October 31st, 2012 by billp

You run best-of-breed security software in your business. Your firewall is from a top-tier vendor and hardened. You run regular penetration tests on your network to make sure your exposure is in check. You even encrypt your data and enforce strong password policies on your network.

These are all excellent security practices, but they are hardly foolproof measures. They may slow down a cyber attacker, but a determined attacker with your business in their sights may still be able to find a way to your data. The sad truth is that the cybercriminals are advancing just as fast as the technology designed to thwart them. The cybercriminals are also focusing more on less-risky, less-prepared targets such as small and medium businesses.

For a business owner or executive in charge of technology or risk, the problem is two-fold. All of the technology measures just described are excellent approaches to addressing cyber risk. But what about the risk associated with financial losses or liability that could result if the technology-based protective measures fail? Specifically, will your insurance policy cover losses, damage, and liability?

You may think that your small business general liability or property insurance policy covers data-related losses, but don’t assume anything without checking with your provider. Many policies include an “intangible property exclusion,” which would exclude data because you can’t touch it or feel it. That makes it difficult to calculate the value or replacement cost for insurance companies, so their normal policies simply don’t cover it. However, with businesses increasingly relying on electronic assets as a vital part of their business operations, insurance companies are starting to either add on cybersecurity protections to traditional policies or add entirely new cybersecurity insurance policies as options.

Cybersecurity policies can insure against data loss, liability associated with data loss, the cost of downtime to your business, and the cost of restoring lost or corrupt data. This kind of coverage is commonly referred to as “first-party coverage.” If your business deals in sensitive customer personal information (credit card numbers, health information, etc.), policies can also cover the exposure and expense associated with the loss of such information (credit-monitoring services, notifying customers, etc.). This kind of coverage is commonly referred to as “third-party coverage” (i.e. losses associated with third parties).

Cybersecurity coverage goes hand-in-hand with proper technological preventative measures. Your auto insurance provider likely offers discounts for added safety features on your car, a safe driving record, etc. Similarly, cybersecurity insurance providers will want to see due diligence in the form of preventative measures to protect your business data. If your coverage level is high enough, providers may want to see advanced security measures such as mandatory complex passwords, high-strength data encryption, protection against removal of data on portable devices, etc.

The best place to start is by contacting your insurance provider to find out the limits of your current policy. If cybersecurity coverage is offered, consider how important your data is to your business and how severely impacted your business would be in the event of a loss. If your business deals in sensitive customer data, you have even more to consider in the form of third-party losses.

Are your business data and network well secured? Contact us at (888) 600-4560, email us at or contact us on Facebook or Twitter (@coldenco) if you want to check your current security measures or investigate ways to improve your security.

Managing IT in an Unpredictable Economy

Posted on: September 29th, 2011 by jiml

In an uncertain economy, many businesses are reluctant to make investments in their technology infrastructure.  This is an understandable reaction to today’s business environment, although statistically many businesses do have the cash flow. Our caution would be to keep in mind that if you are running your business the same way you were a few years ago, you are not standing still, you are falling behind.  Rapid enhancements to technology ensure this. New competition and even your existing competition may be investing in technologies that are providing competitive advantages.  It is very possible that this is the time to invest in technologies that can help your business retain its edge.

When we talk about investing in technology, we are not talking about investing for the sake of investing. We are talking about investing in items that bring a return on that investment, e.g. new tools that can help close more sales. Take the time to evaluate your business and determine what the impediments to success are. Use this top-down approach to then identify the systems and technology infrastructure that support those systems. Perhaps an improved CRM system would help your business capture more business opportunities. Perhaps look to find a lower-cost ERP system that may have equal functionality and better long-term growth potential. After selecting the system, the technology can be reviewed. This step requires the cooperation of both your Chief Operating Officer and your Chief Technology Officer. Evaluate cloud-based solutions, virtual computing solutions, or Software as a Service (SaaS) solutions to see if any of these provide a better long-term price point or added value for your business. Always bear in mind that the technology is secondary to the business function it supports, but the technology can indeed add to or subtract from overall productivity significantly.

Technology can also be used to help reduce costs, not just increase revenue as with the previous examples.  Virtual technology is a great example of this.  Why operate two or three different physical servers when you can combine the functions of these three into one physical box running separate virtual computers?  The hardware costs are less, the energy costs are less and the ongoing maintenance costs are less.  Investing in this type of upgrade can result in reduction in long-term costs for a business.

As a final thought, when considering your budget for 2012, keep in mind that older hardware will fail more often. That is a mechanical fact.  At Colden Company Inc., we always remind customers that it is not “if” a hard drive will fail, it is “when”.  They are just mechanical devices that will eventually stop working, just like a car.  We understand that there are upfront costs involved in making your IT infrastructure more stable and efficient, but there are also increased costs with maintaining an aging infrastructure both in terms of equipment repair and lost productivity.  As your organization begins building the 2012 budget, look to invest in the types of technologies that will help reduce long-term costs or increase long-term revenues.  These actions will help keep your business competitive in an uncertain economy. Are you busy preparing for the future or in “maintain” mode?  Here are two thoughts to leave you with:  1) Failure to plan is planning to fail. 2) Remember, if you are running your business the same way it was a few years ago, you are falling behind your competition.