Choosing the Best Cloud Services Provider

Making the right decision

You decided to move to the cloud and developed an overall cloud strategy. Now you need to choose a cloud provider. The big three in the industry are Amazon Web Services (AWS), Microsoft Azure, and Google Cloud. All offer similar services in various categories, including compute, storage, identity, security, database, AI and machine learning, virtualization, DevOps, and more. One size doesn’t fit all. You need to determine your needs and which cloud provider fits you best. 

Points to consider when choosing a cloud provider

Selecting the right cloud service provider can be a daunting task. Evaluating and ranking the importance of each item below may help you make the right choice for your business.

  • Cloud service type – First, you need to determine what cloud setup you need – public, private, or hybrid. In addition, there are three types of cloud services: IaaS, PaaS, and SaaS. Once you know the kind of cloud you need, you can start looking at the various cloud providers.
  • Capabilities and product offerings – Each cloud has its top offerings. AWS and Azure are the most extensive cloud providers and have more or less the same capabilities and product offerings. Making a list of your critical needs, specialized services (such as Windows Virtual Desktop or Azure CosmosDB), and products may narrow down your options. 
  • Technical expertise – The critical decision in selecting a cloud service provider may be your team’s experience and knowledge. Adopting new technology may increase the “hidden” cost of moving to the cloud. For example, if you are a Microsoft shop, and your needs are SQL Server, Windows, .NET, and Office, then you are best off looking at Azure cloud.
  • Cost – For most businesses, the most crucial factor is cost. Depending on your need for products and services, the price may vary from cloud to cloud. While all top three clouds, AWS, Azure, and Google Cloud, are competitive, some products may differ.
  • Security and compliance – Due to your type of business, you may have unique security and compliance needs. While AWS and Azure have most of the standard compliance certifications, they may not have your required certification. Although the cloud has various security options, you must ensure security is enabled.
  • Support and Maintenance – This is another critical area to compare costs. Each cloud service provider has a different support and maintenance contract.
  • Location – If location is essential to you, the top providers have multiple physical and logical locations.
  • Multi-cloud – AWS and Azure are two complete clouds that provide almost everything you need in the cloud. However, adopting a multi-cloud approach may be a way to meet all of your needs: for example, AWS for file storage and messaging, Azure for DevOps, database and developer tools, and Google’s cloud for documents and emails. Just be aware this approach usually comes at a cost. If you don’t plan properly, your cloud services may cost you more than you planned.
  • Hybrid Cloud – Some services (such as large data storage) may be cheaper to keep on-premises than in the cloud. Using a hybrid approach can save money.
  • Specialized Cloud – Besides the top three providers, there are specialized cloud providers that may save you money. For example, a Content Delivery Network (CDN) is a service that provides faster content delivery. If you have tons of content to download (images, files, videos, photos), using a CDN will cost less than live streaming and video streaming from Azure and AWS. WordPress hosting and bulk email services are other areas where specialized cloud providers offer cheaper options than the top service providers.

Help in making the right decision

Deciding which cloud service provider is right for you is not easy. It all depends on your business needs and cloud strategy. If you need help developing your cloud strategy to make the right decision, contact one of our experts today to guide you.

You’ve Been Hacked – Maximizing Your Cyber Insurance Policy

Steps you can take to get the most out of your coverage

Unfortunately, your business is one of the 66% of organizations hit by a ransomware attack during the past year. Luckily, you have cyber insurance in place; however, knowing the steps to take if a cyberattack occurs is critical to ensure you get the most out of your coverage.

Best practices in the event of a ransomware attack or cyber extortion

  • Provide immediate notice to the insurer. You should promptly notify your cyber insurer and all other liability and first-party insurers of the ransomware attack. Your cyber insurance may not provide all the coverage; thus, notification to non-cyber liability policies such as liability, crime, and property policies is necessary. Delaying notice to insurers may result in the insurers arguing that notice was late and declining coverage for a claim that otherwise could have been covered.
  • Secure consent from the insurer to pay the ransom. Extortion coverage often requires you to ask for written permission from the insurer before agreeing to pay the ransom. Without advance consent, insurers may refuse to reimburse you for payments.
  • Be mindful of cooperation. Insurance carriers constantly assert that cyber policies require you to cooperate with them. Their outside counsel will say that this requires the insured to do whatever the insurance carrier asks for, whether it is information relevant to the claim or information that only will help deny coverage. Insurance carriers want you to coordinate with them and relevant authorities, provide updated claim information upon request and work cooperatively to resolve the event and third-party liabilities.
  • Think about “silent cyber.” Consider whether other insurance policies such as kidnap, ransom and extortion, crime, or property insurance policies could provide coverage for losses resulting from ransomware or cyber extortion. “Silent cyber” is the idea that other insurance policies, which are not sold as “cyber insurance,” can provide coverage for cyber risks, including ransomware and cyber extortion. Some cases show that other policies offer coverage for ransomware-related losses. Other policies could help provide coverage if your cyber program’s limits are insufficient or even to fill in the amount of a sizable retention in your cyber program.
  • Pay attention to a “reservation of rights.” A reservation of rights is a letter from the insurance company admitting that coverage is implicated by the event while purporting to “reserve” the “right” to deny coverage later. Sometimes, reservation of rights letters are flat wrong. Maybe the carrier misunderstood the facts, the policy language, or the relevant coverage law. Either way, you need to pay attention to reservation of rights letters and correct carrier misstatements.

Increasing Your Cyber Security Posture

We have security professionals ready to assist you if you need help reviewing your cyber security insurance or increasing your overall security posture. Reducing the risk of an incident occurring will ultimately save you time and money. Reach out to us today to learn the ways we can help you.

Interested in a New Opportunity?

Dewpoint Recruitment Mixer

Are you a Business Analyst, Project Manager, Developer, or IT professional? If so, have you thought about working for a growing company that values its people and promotes a culture of innovation, service, diversity, and adaptability? Dewpoint is holding a recruitment mixer on August 4th from 4:30 to 7:00 pm. Submit your resume today to [email protected]. Once we have had a chance to review it, one of our HR specialists will contact you with further details.

6 Best Practices to Evaluate Cyber Insurance

Why Do I Need Cyber Insurance?

Cyber attacks threaten every business daily, and hackers’ demands are rising. Per the National Security Institute, “the average fee requested for a ransom was $5,000 in 2018, but it increased to around $200,000 in 2020.” Can your business survive paying a ransom demand and the potential impact on your operations and customers? Cyber insurance can help protect you from the fallout of cyberattacks and hacking threats. It can also help minimize business disruption and potentially cover the financial cost of the attack and recovery.

Do I need both Ransomware and Cyber Extortion Coverage?

As with any insurance policy, reading the fine print is essential. Cyber insurance policies may not cover both ransomware and cyber extortion. What’s the difference? 

Ransomware – hackers use malicious software to gain access to your company’s computer systems or files and block user access. Cybercriminals hold the data hostage until they receive a ransom payment for the encryption key. The attacker typically demands a cryptocurrency such as bitcoin as payment.

Early ransomware attacks demanded a ransom to unlock the data or a device. Hackers, however, often initiate “double extortion” attacks that require a ransom to both retrieve and prevent the publication of the data.

Cyber Extortion – in a cyber-extortion attack, the bad actors steal data, then tell the victim company what they stole. They nearly always provide a virtual “proof of life,” such as a picture of a file tree showing what network parts were infiltrated and might share a sample file. Then, they will demand payment to take the data offline, promising to destroy it.

What should I look for in a Policy?

Cyber insurance varies significantly among different carriers, and the cost will depend upon a combination of the coverage and your current security posture. When comparing policies, below are six best practices to evaluate insurance.

  1. Pay close attention to the application. Under many cyber policies, the insured represents and acknowledges to the insurer that the statements and information in the insured’s application are true, accurate, and material to the insurer’s agreement to accept the risk. The insured’s completed application might become part of the contractual terms between the insured and the insurer. Insurance carriers might assume that the policy is void under its own terms if the application contains a misrepresentation or omission material to the insurer’s acceptance of risk, even if the omission or misrepresentation was accidental.
  2. Look for a coverage section called “cyber extortion” or “ransomware,” and make sure your organization buys that coverage. That coverage often includes the cost of paying a ransom and sometimes includes the costs of investigating the cause and origin of the attack, as well as remediating it. Not every policy has this coverage written into the policy explicitly. If the policy is offered “cafeteria-style” – meaning the buyer must pick and choose the coverage to purchase – it is crucial to ensure the organization buys cyber extortion and ransomware coverage.
  3. Look for a coverage section called “business interruption” or “business income and extra expense.” This type of coverage section is often similar to a first-party property insurance policy’s coverage. It provides coverage for lost income and extra expenses from ransomware taking networks offline.
  4. Look for a coverage section called “network security liability.” This type of coverage will often cover the costs of defending and indemnifying third-party liability claims from customers or other third parties due to the failure of network security (often how ransomware and cyber extortion events occur).
  5. Consider the potential impact of any so-called “war” exclusion, particularly in light of recent world events. War exclusions have become the subject of debate regarding cyberattacks and insurance, with some current and significant coverage litigation disputing whether a “war exclusion” applied to NotPetya (a form of malware that looked just like ransomware). Some carriers have left their “war exclusions” alone; others have added significant verbiage to their exclusions. Changes to war exclusions could have a substantial impact on coverage.
  6. Avoid sub-limits and co-insurance. Some insurance policies set a lower coverage limit for cyber extortion and ransomware attacks. For example, a $10 million limit cyber policy may provide only $5 million for cyber extortion. Those seeking insurance should consider whether a proposed sub-limit amount is sufficient to cover a possible ransomware attack. Policies might also include co-insurance, a provision that carriers say requires the insured to match, dollar for dollar, amounts that the insurance carrier pays for ransom or extortion. Certain insurers continue to provide a full limit of liability for ransomware and cyber extortion.

How We Can Help

The best way to reduce your cyber insurance costs is to increase your security posture and ensure your policy will pay if an attack occurs. If you need help, contact us to talk with one of our security experts to reduce and mitigate an attack and save you money on your cyber insurance.

What is a Well-Architected Framework?

Why is Well-Architected Important?

Did you know that Customer Personally Identifiable Information (PII) is the most frequent and costly record type compromised? See IBM’s Cost of a Data Breach Report 2020. The average cost of a PII data breach is staggering: $3.86M for the data breach, $150 cost-per-record of Customer PII, and an additional cost of $175 per record of Customer PII in breaches caused by a malicious attack. Furthermore, the harm done to your company’s reputation may be irreparable. Architecting successful workloads (following the Well-Architected Framework) can help you proactively avoid loss of trust and the expensive aftermath of breaches.

Benefits of Well-Architected Framework

A Well-Architected Framework (WAF) enables cloud solution success by providing architecture guidance and best practices to improve the quality of workloads. Five key tenets of WAF are:

  • Cost-Optimization: Focus on generating incremental value early. Apply the principles of Build-Measure-Learn to accelerate your time to market while avoiding capital-intensive solutions. Look for ways to reduce unnecessary expenses and improve operational efficiencies.
  • Operational Excellence: Design reliable, predictable, automated deployments with monitoring and performance management. Automate deployments to reduce the chance of human error. Fast and routine deployment processes won’t slow the release of new features or bug fixes. Equally important, you must quickly roll back or forward if an update has problems.
  • Performance Efficiency: The ability of your workload to scale to meet the demands placed on it by users efficiently. Lower maintenance costs, improve user experience, and increase agility by architecting solutions with scalability baked-in. Move to PaaS by default to use built-in scaling functionality.
  • Reliability: Scale out instead of scaling up expensive hardware and build reliability across deployments with resilient HA applications and failure mode analysis. Automate all aspects of your cloud solution to improve reliability further and minimize the possibility and consequence of human errors.
  • Security: Build with security by design to provide confidentiality, integrity, and availability assurances against deliberate attacks and abuse of your valuable data and systems. Think about security throughout the entire lifecycle of an application, from design and implementation to deployment and operations. 

Next Steps

If you have moved to the cloud or are thinking about moving, our experts can help ensure your applications and systems are designed in scalable, resilient, efficient, and secure ways. We understand there is no “one-size-fits-all” approach; we start by evaluating where you are today and what you need. We focus on balancing and aligning your business requirements with the technical capabilities required to execute those requirements, considering risk, costs, and overall priorities. Give us a call today to start employing the Well-Architected Framework.