How to Solve 4 Common Cloud Management Challenges

Your organization has implemented cloud services like infrastructure-as-a-service (IaaS) or platform-as-a-service (PaaS) in your environment. You are considering taking a cloud-first approach for new workloads, making cloud the new standard for application delivery.

Due to current economic pressures, you have a mandate to maximize efficiency and bring costs under control. You may also be tasked to deliver on projects that will help the business compete and thrive once recovery begins.

You want to make these things happen, but run into the same challenges facing many cloud adopters:

  • You are exceeding your planned cloud budget but don’t have enough data to pinpoint the source of those unexpected costs. Or you don’t have a consistent way to drive accountability for line of business (LOB) departments that are commissioning cloud resources on their own.
  • Senior management is concerned about security and compliance in the cloud (as they should be), your IT team has limited tools to enforce its policies.
  • The business relies on cloud infrastructure and services to be always-on, but IT hasn’t had the time or resources to establish a formal structure for cloud operations.
  • Many of your IT staff are comfortable in a traditional data center, but public cloud infrastructure skills are hard to hire for and often come at a premium. Perhaps you would like to retrain staff, but your team needs to spend most of its time maintaining current operations.

With the right tools, policies and partnerships, however, you can get a greater impact from your cloud investments and refocus on business priorities.

We’ll examine the cloud management benefits of improving visibility and accountability for cloud costs, establishing effective cloud governance, enhancing the efficiency and resilience of cloud operations and closing gaps in public cloud infrastructure skills.

Improving Visibility and Accountability for Cloud Costs

When you migrated some critical workloads to public cloud IaaS and PaaS, you probably learned fast that the same approaches that apply on-premise infrastructure don’t always work in the cloud.

In the cloud, approaches like over-provisioning resources to meet demand often drive up unnecessary spend. At the same time, public cloud services make it relatively easy to commission new resources, allowing LOB departments to spin up new instances outside the purview of the IT department. If some of these are left idle or underutilized, the result is further wasted spend.

Relying on usage and cost data available from their cloud provider alone, you may not be receiving all the information you need to allocate the costs in your cloud environment. This in turn makes it more difficult to build an accurate picture of ROI for key initiatives.

By introducing tools to automate cost allocation, you get clearer visibility into exactly where cloud costs are coming from.  This allows the IT team to identify and decommission idle and underutilized resources. Meanwhile, you are also better equipped to bill or show back cloud costs to the appropriate LOB departments, driving greater accountability and awareness of cloud value.

By rounding out your team with a cloud managed service partner (MSP), you can also benefit from ongoing advice and mentorship on ways to eliminate unnecessary spending in the cloud and better manage burst and elastic spend.

Looking for more guidance on cost management in the cloud? Watch the webinar on-demand

Establishing Effective Cloud Governance

Early in your cloud journey, you may have learned the substantial difference between security and compliance in the cloud and the data center. While shifting to the cloud offsets some security and regulatory compliance responsibilities to the public cloud provider, the cloud consumer retains some core accountabilities.

From our experience at Softchoice, many new public cloud adopters make decisions quickly and in a decentralized manner, which results in manual efforts that in turn lead to sprawling patchworks of configuration standards.

Here, a formal governance model – a framework with a set of policies and standard practices for cost optimization, resiliency, security, or compliance – is vital for keeping the entire organization on track.

While Forrester indicates that IT teams should dedicate 10% to 15% of cross-functional resources to governance activities, many IT departments are stretched thin and don’t have the time to spare [1].

As Forrester recommends, a formal governance program starts with federated approach to continuous improvement and management guided by a central cloud advisory board. As an extension of this team, a formal cloud management role or group can help define and enforce standards and best practices.

In distributed or siloed cloud environments, it’s important to have a central place for cloud practitioners to share best practices.

For newer cloud adopters or organizations with lower confidence in their cloud capabilities, a cloud MSP will help select and implement the standards and tools necessary to monitor the health, usage, security threats and compliance across multiple cloud environments. They can also lend support in tracking and enforcing governance policies through automated cloud deployments based on built-in standards.

An effective formal governance model is critical to success in the cloud. Download the Forrester Report.

Enhancing the Efficiency and Resilience of Cloud Operations

When it comes to deploying new cloud services, you may have found it difficult to ensure your cloud infrastructure resilient and optimized for performance.  When your cloud infrastructure is serving critical applications and services, however, stabilizing the environment and operations to keep supporting your critical business applications is paramount.

Some of our cloud customers have found that when they need to access support from a public cloud provider, they spend a long time navigating complex phone trees and escalation paths to reach the best person to solve the problem. While these providers deliver the best support possible, the sheer volume of clientele makes it difficult to offer service tailored to a given organization’s environment or needs.

With the help of an MSP, you can adopt a turnkey operational model that addresses the processes, people and skills required to effectively manage their public cloud resources. Many MSPs are also equipped to help you take advantage of public cloud provider programs and incentives to reduce your cloud costs and build the best cloud setup for your needs.

Are you struggling to balance innovation projects with effective cloud governance? Get the guide.

Closing the Gaps in Public Cloud Infrastructure Skills and Experience

When your journey to the cloud began, you likely faced a considerable challenge: limited or no in-house expertise related to cloud management best practices.

In fact, Gartner indicates that by 2022, insufficient cloud IaaS skills will delay half of enterprise cloud migrations by 2 or more years [1].

Without these skills however, understanding cloud cost drivers, deploying cloud resources effectively and monitoring the health and performance in the environment becomes an uphill struggle.

We find that when many Softchoice customers have attempted to build cloud operations team in-house, they quickly hit a proverbial brick wall – demand for cloud-native skills far exceeds the current supply. Those with cloud experience have become rare and expensive to recruit.

Meanwhile, taking the time out to retrain and upskill internal IT staff on cloud skills risks leaving the current environment unmaintained. It also creates the possibility that investment in cloud knowledge or certification could leave the organization when somebody moves on to another opportunity.

With an MSP relationship in place, your IT team has the option to offload the operation and maintenance of their cloud services and infrastructure to a certified team of engineers. Meanwhile, some MSPs will provide ongoing training sessions to build cloud expertise within your team while moving at their own pace.

The results? In many cases, by working with an MSP you can operate your cloud environment at a lower cost than hiring, receive 24/7 support and remain safe in the knowledge that your staff are receiving ongoing education from cloud certified engineers.

What Are Your Next Steps?

If you plan to adopt or have recently adopted public cloud, one or more of these examples may have hit home. With the rapid adoption of public cloud, many organizations are looking to optimize costs and ensure they grow their cloud environments in a way that supports smart, sustainable growth.

But balancing your cloud journey with other IT and business priorities is a common – yet surmountable – challenge. Wherever you find yourself on your cloud transformation journey, Softchoice is positioned to help.

Explore Softchoice Managed Cloud Services.

[1] “4 Trends Impacting Cloud Adoption in 2020,” Smarter with Gartner, January 2020.

The 3 Main Risks to Videoconferencing Security

 

Videoconferencing technology isn’t new, but it has experienced a distinct rise in popularity and strategic importance  as many more organizations shift to remote work. 

A flash survey of 550 U.S. employers in March 2020 and found that 67% of them were in the process of allowing more workers to telecommute. As these working arrangements become more common, video conferencing will be an important enabler of collaboration and productivity.

To be acceptable for regular business use, a videoconferencing solution must be high performing and highly secure. These requirements are even more important in remote work environments where people join using a variety of devices. 

Not all videoconferencing security is created equal, however. Inadequate protection puts users at risk of attackers hijacking meetings, intercepting sensitive data or accessing recorded sessions without authorization.

For these reasons, it’s important to select a videoconferencing service like Google Meet, which implements multilayered protection against these common threats while offering a simple, scalable conferencing experience.

The 3 Main Security Risks to Videoconferences

Like all internet-connected applications, videoconferencing applications pose risks around improper access and data leakage. But they also present 3 distinct vulnerabilities:

  • Hijacking: Online videoconferences have meeting IDs and PINs that are made public (e.g., because someone has posted one on their social media profile or email signature) or easily guessable. Without protection, any person with these meeting credentials could join and disrupt the proceedings or acquire sensitive information.
  • Screen sharing: Related to the above, most videoconferencing applications include screen sharing functionality. An unauthorized participant could become the active presenter use to make their desktop the (unwanted) focus of the session.
  • Recordings: Many video meetings are recorded for later viewing or transcription. Where and how these recordings are stored and protected is important, as improper access or lack of encryption can mean that sensitive information falls into the wrong hands.

Beyond these in-app risks, videoconferencing software also has the potential to increase the attack surface on a client device. For example, on a desktop or laptop PC, a videoconferencing solution may require the user to download browser plugins or other software, some of which fall outside secure distribution channels like the Windows Store or Mac App Store. These extras further increase risk of compromised security.

Google Meet: Secure Videoconferencing for Remote Work

Google Meet is a videoconferencing solution with multiple layers of protection against modern threats, making it ideal for corporate deployments. 

Built on Google’s secure global infrastructure, it reliably stops abuse such as hijacking, securely stores and manages access to meeting recordings and runs safely and entirely within a browser (desktop), app (mobile) or dedicated video hardware (meeting room).

For instance, to prevent hijacking, it requires someone within the organization to approve any join request by an external participant. This reduces the risk of someone eavesdropping or actively disrupting the session.

Like other Google services, Google Meet undergoes regular audits for privacy, security and regulatory compliance. As well as industry-leading protections, it also delivers reliable and scalable performance, complete with support for hundreds of concurrent users, screen sharing, recording, G Suite integration and a 99.9% up-time service-level agreement.

Softchoice is committed to meeting your needs for business continuity, security and stability. By ensuring organizations get the most value from their Google Meet deployments, we help them scale and secure their communications and ultimately preserve productivity in increasingly remote workplaces.

Looking to adopt a secure videoconferencing solution? 

Get Google Meet tailored to your business.

Kari’s Law and Ray Baum’s Act: What You Need to Know

Kari’s Law and Ray Baum’s Act are two pieces of legislation that have been adopted and implemented by the Federal Communications Commission (FCC) in the United States.

Together, they aim to provide the public with greater access to 9-1-1 emergency services while also improving emergency response outcomes.

The legislation affects US-based manufacturers, managers and operators of multi-line telephone systems (MLTS), commonly used in commercial office buildings, hotels and post-secondary campuses, and requires certain organizations to comply with each.

Implications of non-compliance include fines and other penalties, along with the risk of endangering employees, customers and members of the public and associated civil liabilities.

We examine each piece of legislation, its requirements and what you can do to ensure your organization complies below.

Kari’s Law

Kari’ Law came into effect on February 16, 2020 and it’s intent is to allow direct dialing to 9-1-1 emergency services without additional trunk prefixes or routing digits. It also requires that MTLS automatically notify designated personnel onsite that an emergency 9-1-1 call has been placed. It applies to any users based in the United States who can dial emergency services, including fixed and non-fixed MLTS and VoIP users.

The law requires that:

  • Users be able to dial 9-1-1 without using a prefix to reach an outside line (e.g. Press 9 to dial out)
    • Note that under the law, dialing “9 + 9-1-1” can still be functional, but not required.
  • MLTS send a notification to designated personnel onsite, such as a front desk or security kiosk, that an emergency 9-1-1 call has been placed.
    • The notification must include at minimum, a) the instance of a 9-1-1 call being placed, b) a valid callback number and c) information about the caller’s specific location.

The law is not explicit about the method of notification, but allows for installers, managers and operators of MLTS to use an “efficient and cost-effective notification solution.” Examples of notification solutions include audible alarms, visual alerts on monitors, text or email messages, phone calls or network-based applications.

Any organization found not to comply with Kari’s Law as of February 16, 2020 faces a USD $10,000 fine as well as a $500 fine per day found in non-compliance.

Ray Baum’s Act

Ray Baum’s Act, related to Kari’s Law, aims at improving emergency response outcomes by focusing on the importance of sharing precise location information when calling 9-1-1 emergency services.

Specifically, Section 506 of the Act introduces rules to ensure caller’s location is accurately conveyed to emergency dispatch, regardless of the technology platform used to make the call.

The Act requires that:

  • Telephone systems provide certain critical information related to a 9-1-1 caller’s “dispatchable location” to a public safety answer point (PSAP), such as a 9-1-1 call center.
  • The Act defines “dispatchable location” as “the street address of the calling party, and additional information such as room number, floor number, or similar information necessary to adequately identify the location of the calling party.”

Initial dates for compliance with Ray Baum’s Act are January 6, 2020 for non-fixed MTLS calls and January 6, 2021 for fixed MLTS calls.

How to Ensure Compliance with Kari’s Law and Ray Baum’s Act

The following steps may be necessary to ensure your organization complies with this legislation.

  1. Assess your current MLTS: You will need to determine whether your phone system routes 9-1-1 calls to emergency response centers without requiring a prefix. You will also need to verify that notification and caller location information is conveyed correctly under the legislation. This should be tested on multiple phone endpoints on an annual basis.
  2. Install compliant hardware or software: This legislation requires all telephone equipment manufactured, imported or sold in the US after February 2020 to be compliant. If your current system isn’t in compliance and you don’t plan to purchase new hardware, there are several software solutions that will bring your system in line with the regulations. For example, Cisco Emergency Responder’s use of phone calls and Cisco Emergency Responder’s ER user pages satisfy Kari’s Law’s notification requirement.
  3. Ensure proper configuration for E911 technology: This legislation changes the FCC’s rules surrounding Enhanced 9-11 (E911) technology to require that MLTS convey specific individual caller information. Even if you have E911 features installed, you may need to reconfigure.
  4. Plan for remote workers: The legislation applies to any US-based user who can dial emergency services, including those using nomadic softphone applications on desktop or mobile devices. This includes any organizations based in other countries but that have US-based users.

Need help determining whether your organization complies with Kari’s Law and Ray Baum’s Act, or implementing the right solutions to achieve compliance?

Connect with an expert.