Connect

P1 / CLOUD COMPUTING:

What type is right for your

business?

P2 / MICROSOFT LEADS

GOOGLE: Microsoft pulls

ahead of Google in email

amongst public companies

P3 / FIREWALL:

Why yours is only as good

as what is inside it

P4 / RANSOMWARE:

A new threat discovered in

Microsoft Word

MAY 2016

Secure data backup, greater reliability,

better resource and growth management

options, and improved collaborations are

just a few of the reasons to take full

advantage of cloud computing today.

Yet understanding the choices you have can

help you avoid some VERY costly mistakes

you could wind up seriously regretting later.

Three Types Of The Cloud

Not all cloud models are the same.

In determining what the best cloud model

is for your organization, it’s important to

know how cloud services are structured.

Basically, there are three types of cloud:

public, private and hybrid.

Public Cloud Services Offer Flexibility

And Lower Cost

A public cloud comprises a collection of

data storage and software services that can

be accessed on an as-needed monthly basis,

somewhat like an electric utility or fitness

club. It houses data facilities outside the

corporate firewall that you access through

an Internet browser without having to make

any initial or ongoing capital investment.

Well-known examples of public cloud

services include Google Drive, Microsoft

Office Online, Apple iCloud and Amazon

Cloud Drive. They provide data storage

and, in many cases, web apps.

Public clouds are best used where a high

level of privacy is not required. They can

provide access to a growing pool of newer

technologies that would not be affordable

if developed individually.

Private Clouds Support Highly

Specialized Apps

A private cloud resides within an organiza-

tion’s firewall, and is typically owned,

managed and supported by that business.

IT resources are available to members of

the organization from their own data center.

>> CONT. PAGE TWO

Ransomware Discovered

In Microsoft Word

For those of you that are unfamiliar with the term, ransomware is a type of

malicious software that is designed to prevent access to a computer system

until some amount of money is paid.

A new strain of well-hidden ransomware has recently been discovered in

Microsoft Word. Thus far, it has gone undetected by antivirus software.

This new type of ransomware has been named Locky, and is found to be

triggered by the macros in Microsoft Word. The Word document is typically

attached to an email with a subject line that refers to an unpaid invoice or

something of the like. When a user opens the attached document, they

often find scrambled text and a message prompt pops up telling them to

run a macro for the issue.

Of course, the macro does not unscramble the text. Instead it downloads and

runs a file. As soon as the download begins, the files on the computer system

start becoming encrypted. Locky also has the ability to encrypt any files on any

network the computer is attached to, making its threat even greater.

So how can you protect your business and network from a ransomware

attack?

The easiest (and often unreliable) way is to inform all of your employees NOT

to open any unrecognized Microsoft Word attachments, and if they do, NOT to

run macros.

The best way to prevent an attack is to disable macros from everywhere except

for one shared folder.

Obviously, this is no fool proof solution, but it will provide some sort of protection

for your business until malware catches up with the problem and you feel your

employees are fully educated on the issue.

If you have any questions, or a concern that your network may be infected,

contact us today at (410) 884-0225.

PARTNERS & CERTIFICATIONS

As a technology leader, we strive

to maintain partnerships and

certifications with many trusted

companies throughout our industry.

MICROSOFT LAUNCHES OFFICE 365 PLANNER

Microsoft has recently released a new app to their Office 365 Suite dubbed Office 365 Planner.

This new tool will be welcomed by a large number of Office 365 users who are looking for an

easy way to manage a variety of projects within their organizations.

In short, Office 365 Planner is an online based project management app. It offers users

a simple and highly interactive way to organize teamwork within an organization.

Office 365 Planner makes it extremely easy to add projects (referred to as plans in Office 365

Planner), share files, assign tasks, chat about different projects, and update the group regarding

work that has been completed.

Office 365 Planner uses “plans” to reference what are essentially projects. Managers can easily

setup plans for users and assign tasks along with detailed descriptions and due dates.

What Type

Of Cloud

Is Right For

Your Business?

www.XPERTECHS.com

Private clouds can support highly specialized and/or privacy-restricted

applications, like medical-records software for a health-care organization

concerned about HIPPA requirements, for example.

And, while it can be more expensive to set up initially, a private cloud

may deliver a higher ROI in the long run since you’re not paying for

ongoing shared services.

Hybrid Clouds: Balancing Complexity With Flexibility

Merging the flexibility of public cloud services with the control of

a private cloud, a hybrid cloud can provide the ideal infrastructure

for some organizations.

A hybrid cloud enables you to put some of your apps and data – archives

and e-mail, for instance – in a public cloud, and the remainder in your

private cloud. This provides the cost savings and benefits of the public

cloud while retaining the customization and security advantages of a

private cloud.

While it can be more complex to deploy and manage than a pure public

or private cloud, a hybrid cloud may deliver the best blend of control,

flexibility and cost-effectiveness for some organizations.

So Which Type Is Right For You?

There is no perfect solution – each type of cloud has its own pros

and cons. That being said, here are a few key factors to consider

when determining the best approach for your particular business:

Public cloud solutions are best suited to the flexibility and budget

requirements of smaller businesses that want access to the kind of

IT resources that bigger organizations can afford, without the cost

of development and ongoing support and management.

A private cloud, managed and supported by an in-house IT team, may be

ideal for your organization if control and privacy are of paramount concern.

A hybrid cloud could be the ideal solution for any enterprise that wants to

manage sensitive data in-house while availing itself of third-party software

and data storage for uses where the data involved isn’t as sensitive.

How To Get The Best Professional Help

While hiring a cloud-computing expert can prove extremely beneficial

in the long run, it’s critical to work with a professional who has depth

of experience in all types of cloud environments.

We’ve helped dozens of companies set up and run cost-effective, powerful

and secure cloud networks. For a Free Cloud Readiness Assessment,

contact us at (410) 884-0225 or marketing@XPERTECHS.com today.

THE MARYLAND ZOO IN BALTIMORE

XPERTECHS just announced its most recent

partnership and corporate sponsorship of

The Maryland Zoo in Baltimore.

As the nation’s third oldest Zoo and an

iconic regional landmark, The Maryland Zoo

in Baltimore continues a rich tradition of

connecting our community to wildlife and to

each other. As a leader in conservation and

education, the Zoo is proud to welcome a

new season of growth and a new generation

of visitors discovering enhanced exhibits,

exceptional animal experiences, and an ideal

setting where family memories are made.

The Maryland Zoo’s Corporate Membership

program is a premier membership

opportunity. Support from businesses like

XPERTECHS and organizations, large and

small, helps further the Zoo’s already

impressive growth and shows your commitment

to the community and conservation education.

(http://www.marylandzoo.org/membership/

corporate-memberships/)

XPERTECHS ANNOUNCES

NEW CORPORATE

SPONSORSHIP

A study by analyst firm Gartner has found that 8.5% of global public companies use cloud email

from Microsoft’s Office 365 service, with just 4.7% using Google Apps for Work.

The remaining 87% of companies surveyed have on-premises, hybrid, hosted or private cloud

email provided by smaller vendors.

Overall, the firm found that the cloud email market is still in the early stages of adoption with 13%

of identified publicly listed companies using Microsoft or Google – the two main cloud email vendors.

“Although it is still early days for cloud email adoption, both Microsoft and Google have achieved

significant traction among enterprises of different sizes, industries and geographies,” said Nikos

Drakos, Research Vice President at Gartner.

“Companies considering cloud email should question assumptions that public cloud email is not

appropriate in their region, size or industry. Our findings suggest that many varied organizations

are already using cloud email, and the number is growing rapidly,” he said.

Among the organizations using cloud email from Google and Microsoft, Microsoft is ahead in most

industries, the data showed – particularly in regulated areas such as utilities, energy and aerospace.

Where Google is ahead, it is in industries with more competition and less regulation, such as software,

publishing, retail, advertising, media, education and travel.

Types of Cloud Comput ing: Cont ’d f rom Pg. 1

Microsof t Leads Google

In Emai l Amongst Publ ic Companies

W h y Your F i r ew a l l I s O n l y As G o od As W hat I s I ns i d e I t

STARBUCKS GIFT CARD WINNER

RICHARD FEELEY

NETWORK BUILDING & CONSULTING

If you are a current XperCARE customer,

and would like an opportunity to be entered

into our monthly drawing for a $25 Starbucks

gift card, start filling out the survey you receive

each time your support ticket is closed. We

perform the drawing at the close-of-business

on the last business day of each month.

A layered defense does not rely on any one key

mechanism to keep your data and systems safe,

but rather on a variety of different tools and

techniques. Any single form of protection

might be vulnerable to a directed attack on

any given day; and they often are. The odds

of multiple, diverse defensive techniques all

being subverted simultaneously are much lower.

Although this is a time-tested and proven

strategy in information security, it's neither

common nor popular. So a common security

"solution" is to buy a firewall and plunk it in

between your internal network and the

Internet, and then get on with business.

A better solution for businesses starts on the

inside of the network and works its way out.

A firewall presumes everything behind it is

worthy of equal protection, though this is

unlikely to be the case. A layered security

approach should begin with an inventory of

the information your business needs to protect.

A database listing customer service appoint-

ments, for instance, might have no intrinsic

monetary value, but its loss or disruption

could have costly operational impacts.

Protection should begin with internal access

controls. Every major operating system in

corporate use today has the ability to apply

file-level security. This can usually be

intelligently combined with single sign-on,

centralized authentication and policy-based

controls for a comprehensive access control

and logging system.

Often overlooked is the fact that many data

breaches originate from employees, not outside

intruders. Internal access should be restricted

by need. Internal controls will defend against

both employee malfeasance and any outside

penetration.

A solid backup system is also part of your

security (although this, in turn, also requires

security controls). An under-appreciated aspect

of security is denial of service from internal

attack. Even if intruders can't make use of

information from your internal systems, if they

can alter or delete it arbitrarily, they can cause

considerable monetary loss. Tested and robust

backups mitigate this possibility.

Anti-virus protection goes without saying in

today's computing environment, but keeping

this up-to-date remains a weak point for many

businesses. Software patches are also vital to

internal security.

Physical security also receives short shrift

from most companies. No firewall in the

world will protect your network when a hacker

has the ability to physically plug in at an unused

and unmonitored network access point.

Making sure only authorized staff have access

to computers and network jacks is a necessary

step in internal security.

Similarly, if wireless access points are

broadcasting signals from your internal

network which can be received outside your

building, they present an under-appreciated

point of attack. Encryption should be strong

and wireless access authentication redoubled

over your basic network authentication schemes.

When you are finished, what you have is

something resembling a pile of sliced Swiss

cheese. Each layer may have a few holes, but

if the holes don't align, nothing will get through.