by Joseph Landes

Businesses of all sizes are looking to move their IT infrastructure to the cloud and the most important choice to make when doing so is finding a great IT provider who will have your best interests in mind on this journey. Promises will be made about capabilities and expertise, but it is important to keep your eye on three important things to ensure your Managed Services Provider is committed to helping you transform your IT infrastructure to the cloud.

Recommending Best in Class Products

Nothing else matters if a vendor’s product is not best-in-class and it is why so many vendors lose business in the competitive cloud ecosystem. There are too many other competitive solutions combined with somewhat low switching costs to settle for something that is not phenomenal and brings massive value to your business. When moving to the cloud, does the technology provider have a strong track record of performance? Do they have the infrastructure to scale with you as your company grows? A good sign that it is time to look elsewhere is if the product your partner is offering can’t pass a basic Proof of Concept or is just feature-poor relative to other comparable solutions. This is why I strongly recommend Microsoft Office 365 and Microsoft Azure as the core building blocks for any company’s initial foray into the cloud. No other company has invested so much into empowering businesses of all sizes to do more than Microsoft.

Adding Value to Your Business

My former CEO of Microsoft, Satya Nadella, often says that a company’s past success does not define or predict their future. That each day your partner needs to come in and continue to win your business anew. This lesson holds great relevance in the burgeoning cloud ecosystem with so many vendors, replacement options, and new technologies emerging daily. The day your partner started working with you is the day the clock started ticking on their need to constantly create value that accrues to your business. The technologies they choose must help position you as a thought leader in front of your customers. They need a clear Conditions of Satisfaction that defines their relationship with you and there needs to be regular check-ins to make sure your business is growing as result of the relationship.

Driving Down Your Cost

The cloud ecosystem is a competitive space. New technologies continue to emerge with even more powerful functionality than in months prior. Startups are being born by the hundred and thousands in the cloud and the need to maintain on-premises hardware in your office is a thing of the past. One would think that while the technology gets better, it would be more expensive to move the cloud. But it is quite the opposite! Business have increasingly been able to take advantage of economies of scale the large cloud providers like Microsoft has achieved in order to drive their costs down dramatically. In the past, a company would have to shell out many thousands of dollars to buy a server and amortize that cost over time. Now the model is consumption-based, and you only need to pay for what you use just like the electricity in your home. Moving to the cloud has a number of benefits for your business—and one significant one is driving down the cost of IT.

Moving one’s IT infrastructure to the cloud should be a near-term goal of every business. Putting off the decision to digitally transform your business could be costing you customers and making you less competitive. The time to move is now and we look forward to partnering with you on this exciting journey.

Joseph Landes is the Chief Revenue Officer of Nerdio — an exciting cloud startup in Chicago that helps Managed Service Providers build cloud practices in Microsoft Azure. Prior to joining Nerdio, he spent 23 years at Microsoft leading high-performing international sales and marketing teams and helping businesses of all sizes move to the cloud. He has travelled to 108 countries and is attempting to read every NY Times Notable Book ever published.

by Dan Astin

1) Change in Control

One of the most important legal tips every MSP should know involves “Change in Control.” In the event of an acquisition or other change in control of the client/customer, the MCA and ancillary SOW’s remain in full force and effect. “Change in Control” means any sale, exchange, transfer, conveyance or termination of any equity or ownership interests in the client/customer, or any corporate, limited liability company or partnership reorganization, restructure, merger, acquisition, transfer of assets, consolidation or adjustment with respect to Client if the persons currently in control of the client/customer would no longer have such control after such event.

2) BAA Requirements

HIPAA requires a covered entity to enter into “business associate contracts” with business associates to safeguard protected health information and to restrict its uses and disclosures to those permitted by the contract or required by law.  Business associates are also required to enter into business associate contracts with their subcontractors.  Business associates are persons or entities that perform, or assist in the performance of, any activity involving use or disclosure of individually identifiable health information. 45 CFR §160.103. This includes, e.g., claims processing, data analysis or processing, quality assurance, billing, practice management, and accounting and legal services.

3) Cybersecurity Insurance

According to the Ponemon Institute’s “2018 Cost of Data Breach Study,” the average cost of a stolen or lost record is $148, while the overall cost of a data breach is nearly $4 million. In addition, the likelihood of getting hit with another breach within two years after the initial one is 27 percent.

As noted by FICO, businesses typically shun cybersecurity insurance for three primary reasons:

A) The organization isn’t investing in cybersecurity overall, despite an increase in threat levels.
B) Leadership believes the organization will never be the victim of a cyberattack because it is too small to be targeted, or they believe security systems will protect it.
C) Leadership doesn’t understand how cyber insurance policy premiums are estimated or what exactly is covered.

Generally, cyber policies include coverage for costs incurred for remediation in response to a data breach, liability for claims arising from the data loss or breach, fines or penalties imposed by law or regulation, and additional payment card industry fines and penalties.

Dan Astin is a Managing Partner for Ciardi Ciardi & Astin law firm and regularly represents and provides legal and business consultations to commercial creditors, litigants, contract parties, corporate debtors, importers/ exporters, MSP’s, small business owners, and trustees, in matters of commercial business practices, litigation, customs and international trade, bankruptcy liquidations, administrative law, foreign corrupt practices act FCPA, contract negotiations, business restructuring, IT, select domestic and international trade. Dan’s legal experience includes prior service in the U.S. Navy’s Judge Advocate General’s Corps, as counsel to the Commanding Officer of USS Constellation (CV64); concious objector hearing officer in the first Gulf conflict; prosecutor and defense attorney United States Navy; trial attorney with the United States Department of Justice, Office of the United States Trustee; Associate Council customs and international trade.

The past 100 years or so have seen an incredible advancement in technology, and the new found age of Artificial Intelligence is certainly no small part of it. Everything and everyone uses Machine Learning concepts to make life easier, like Siri or Alexa, but the dark side of the same can definitely be used to make life a living hell.

At the Black Hat USA 2018 conference a couple of weeks ago, security researchers at IBM considered a very likely scenario in the near future and created DeepLocker – a new generation malware which can fly under the radar and go undetected by way of carrier applications (like video conferencing software) until its target is reached. It uses an A.I. model to identify its target using indicators like facial recognition, geolocation and voice recognition — all of which are easily available on the web. Weaponized A.I. appears to be here for the long haul and could target anyone.

Scary.

DeepLocker is just an experiment by IBM to show how open-source A.I. tools can be combined with straightforward evasion techniques to build a targeted and highly effective malware. As the world of cybersecurity is constantly evolving, security professionals will now have to up their game to combat hybrid malware attacks. Experiments like this allow researchers to stay one step ahead of hackers.

According to Marc Ph. Stoecklin, principal research scientist at IBM Research, “The security community needs to prepare to face a new level of A.I.-powered attacks. We can’t, as an industry, simply wait until the attacks are found in the wild to start preparing our defenses. To borrow an analogy from the medical field, we need to examine the virus to create the ‘vaccine.’”

But back to DeepLocker…

DeepLocker’s Deep Neural Network model provides “trigger conditions” that need to be met for malware to be executed. In case the target is not found, the virus stays blurred inside the app, which makes reverse-engineering for experts an almost impossible task.

To prove the efficiency and precision of A.I.-based malware, security engineers demonstrated the attack using the notorious WannaCry virus. They created a proof-of-concept situation where the payload was hidden inside a video conferencing program. None of the anti-virus engines or sandboxes managed to detect the malware, which resulted in this conclusion by researchers:

Imagine that this video conferencing application is distributed and downloaded by millions of people, which is a plausible scenario nowadays on many public platforms. When launched, the app would surreptitiously feed camera snapshots into the embedded A.I. model, but otherwise behave normally for all users except the intended target.

What is more, applications like Social Mapper can be implemented inside the malware which would make the detection of a potential target an even more manageable task.

Indeed, the power of Artificial Intelligence is probably limitless, but the experiment proves that security researchers still have a lot of work to do when it comes to cybersecurity. The examination of various apps should be taken into consideration, and any unexpected actions should be flagged immediately.

Deep Instinct’s Solution

To combat these cyber threats we suggest deep learning from Deep Instinct as an incredibly effective solution. The 20 has chosen Deep Instinct, the first company to apply deep learning to cybersecurity, for our MSP members to provide superior deep learning cybersecurity capabilities across service offerings and safeguard customers against current and future cyber threats.

Their solution provides full protection that is based on a prediction and prevention first approach, followed by detection and response, with unmatched efficacy against any cyber threat.

Want to learn more about the IT services we deliver? Contact us today!