Help Selecting the Right Cloud Provider

Developing a Cloud Strategy

If you are thinking about moving to the cloud or are already in the cloud but are not sure you are receiving the value you are paying for, developing, or updating your cloud strategy is an excellent place to start. Although it’s best to craft a cloud strategy before adopting cloud computing, many companies wait until they have gained experience with the cloud. The sooner you establish a cloud strategy, the more issues you’ll avoid. If you don’t have a cloud strategy already, you can start creating today. If you have a cloud strategy, we recommend periodically reviewing to account for changes in your needs.

Benefits of a Having a Cloud Strategy

  • Maximize cloud computing benefits

    Your cloud strategy should be a living document providing a concise view of the role of cloud computing in your organization.

  • Align your cloud strategy with other strategic plans

    . Be sure to communicate with all critical stakeholders and other strategic plans for data center, security, and architecture.

  • Plan your cloud strategy as the launching point for all subsequent cloud activities.

    It includes activities such as architecture, assessment, migration, and operations. Achieve this by keeping those activities in mind when devising your cloud strategy.

  • Safeguard your organization from any potential problems.
    If you subsequently withdraw from the cloud by including an exit strategy that describes the dependencies and choices involved in cloud computing.

Selecting the Right Cloud Provider

Once you have your overall cloud strategy in place, the next big decision is selecting the right cloud provider. The top three providers, AWS, Azure, and Google Cloud Platform (GCP), all have pros and cons depending upon your business needs. AWS offers a wide range of storage options, while Azure offers specialized solutions such as Data Lake for large, data-rich applications. GCP offers fewer storage options than the other two, but they are more targeted.

Determining the right cloud computing platform for your business can be a subjective exercise. 

Five Areas to Consider when Selecting a Cloud Platform

  • Reliability.

    You can find a reliable computing platform by going beyond name recognition. Look for feedback from real customers and a platform that emphasizes security.

  • Stability.

    Availability of regular releases, continuous performance, dispersed platforms, and load balancing.

  • Pricing.

     Do your homework. What is the cost of running an in-house server versus the available resources of an enterprise cloud? Are there other advantages besides price? Are there “hidden” costs to be considered?

  • Standardized services.

     Did you know cost-effective bundles of apps or the resources you need may save you over 40% over buying individual services such as SaaS, IaaS, or other digital products?

  • Flexibility.

     Search for a cloud computing platform that allows growth and scalability or downsizing. 

Quick comparison of AWS, Azure, and GCP

All three major providers offer pay-as-you-go models with 24×7 support and threat protection. You may need to look at crucial distinctions among the three-cloud platforms based on your business to determine the right platform for your business.

AWS is the best solution for:

  • You’re migrating to the cloud for the first time
  • Most of your business apps and platforms are Windows-based
  • You’re looking for hybrid and cost-effective solutions
  • Increasing or decreasing storage based on your needs
  • Enabling you to select an operating system, programming language, and database of your choice
  • Loss of minimal information during server and storage transfer
  • Offering more data centers for availability and low latency
  • Better DevOps support
  • Simpler licensing method
  • More robust support for Bl and analytics

Azure is the best fit for:

  • The capability for developers and users to create, maintain and deploy applications
  • A fully scalable cloud computing platform offers open access across multiple languages, frameworks, and tools
  • Total support for Microsoft legacy apps
  • Greater awareness of enterprise needs
  • Easy one-click migrations in many cases
  • Conversion of on-premise licenses to the cloud
  • Support for mixed Linux/Windows environments
  • Offering inbuilt tools like Azure stack to help the organization deliver Azure service from its own data center

Google Cloud is a good fit:

  • Providing a comprehensive container-based model
  • If you’re looking for a hyper-scale networking environment
  • Developing and deploying cloud-based software and apps
  • As a green tech solution

Help through the Cloud Maze

Contact one of Dewpoint’s Cloud Strategy Pros to discuss platform options and multi-cloud strategies. We help simplify the process and make sure you get the most value from selecting the right cloud platform.

Demystifying the Cybersecurity Insurance Maze

Selecting the Right Insurance Coverage

How much insurance does my business need? What are the differences in each policy? Am I ever fully covered? Sorting through the insurance maze can be a full-time job. Trying to figure out the right level of insurance for your business that offers protection without overpaying for coverage is a nightmare. Unfortunately, you never know how good your insurance coverage is until you need to use it. 

Protection from Repeated Attacks

We all know cyber insurance has become part of the insurance mix due to the continued sophistication of ransomware attacks. The first time a ransomware attack hits your company is unlikely to be the last for some small to mid-size businesses. Per Cybereason, “80% of organizations that reported having previously paid ransom demands said they’d been exposed to a second attack. Nearly half of those companies targeted twice said they were attacked by the same actors that initiated the first strike”.

Insurance Policy Exclusions

Although you can take steps to mitigate an attack, having the proper insurance coverage is vital if an attack does occur. It is imperative to understand the exclusion clauses of any given policy with cyber insurance. Research shows there is often a disconnect between expectations and insurers’ coverage regarding what types of incidents are covered and which ones are excluded. Most businesses want to make sure data breaches, ransomware payments, data restoration, and compensation for business interruption are covered. Most cyber insurance policies have a list of exclusions, including regulatory fines, funds transfers, intellectual property (IP), and lawsuits from the propagation of forwarding malware. 

Even when you think you are covered, most policies exclude “an act of war.” Malware developed by a nation-state-backed organization is not covered. For example, the NotPetya attack used a unique method of infecting patient zero. It used three methods of propagating through a network like a computer worm to infect other computers and networks. The outbreak resulted in immense financial losses for over 2000 organizations. Cyber insurance companies have refused to pay for any losses from the attack citing the ransomware incident triggered the act of war clause in the policy.

Insurance Coverage Types

It is essential to know and understand all your organization’s insurance policies. Different policy types may include a cybersecurity or business interruption provision. Some cyber insurance policies cover recovery costs from a security incident and not any business interruption losses. You may have the opportunity to trade expensive cyber coverage for much less costly criminal coverage since both may be applicable during a significant incident. To help you understand the different types of policies and coverage below is a comparison of the most common types of insurance:

  • Cyber Liability or Error and Omissions (E&O)

    Cyber insurance protects against data breaches at your company where technical E&O protects a company that makes a mistake or forgets to do a critical task that hurts a client financially.

To determine if you need cyber liability insurance, consider how much customer data you store on your network. If that’s a significant part of your business, you’ll want this policy to help cover costs if credit card numbers or other client data is exposed. If you don’t store much customer data, your first-party risk may be small. However, if the technology services you provide have a strong bearing on your clients’ network security, your third-party liability may be significant. In that case, you may have a strong need for technology E&O insurance.

  • Cyber or Business Interruption (BI)

    Cyber insurance typically covers business income loss after a business is impacted by a privacy or security breach. It typically covers the difference between the typical income and the reduced generated income during the shutdown caused by a cyber event. However, all cyber policies do not include BI insurance.  

In conventional property insurance, business interruption coverage is based on a breakdown of the insured’s planned operating expenses and fixed costs. Insurers revert to a predetermined daily compensation rate to simplify the process in cyber insurance.

Another important consideration of BI coverage is the magnitude of the interruption. Some policies require the business to be completely shut down before coverage kicks in. Other policies respond to a partial interruption or a slowdown. Be sure to read the definition of Business interruption, loss, and any applicable exclusions to understand the extent of the coverage.

  • Loss of Your IP

    –Usually not covered under either cyber insurance or general policies

Solidifying Your Cyber Defenses

The best defense against cyber-attacks is not your cybersecurity insurance policy. It is having a good security program with standards and processes in place and followed. If you are unsure how good your current security program is, we suggest a security assessment to measure your controls against industry standards. The assessment can identify gaps in your current environment and recommendations to reduce those gaps. Insurers can deem organizations uninsurable due to a lack of security controls. Even if insured, they may be reluctant to pay out if an incident occurs due to poor security controls. Contact one of our security experts to help navigate the maze of policies or an independent assessment of your security controls.

Are you Ready to Apply or Renew Your Cyber Insurance?

A new year; new cybersecurity threats.

We all read the headlines and know cybercrime against business is rising. Per Cybercrime Magazine, “cybercrime has a worldwide cost of $6 trillion in 2021 and may reach $10.5 trillion in 2025. If cybercrime were a country, it would be the world’s third-largest economy”. With the pandemic continuing to persist, resulting in a remote workforce, you can almost be sure of increased cyber-attacks. According to a study conducted at the University of Maryland, “on a global scale, an attack occurs every 39 seconds. Using scripts that try to guess usernames and passwords to get into a network, hackers target an increasing number of computers daily”.

Protecting your business with cybersecurity insurance.

Cybersecurity insurance is becoming a must-have staple policy to protect your business. Your insurance rate and policy coverage will depend on your current environment and the security processes in place. Typical sample questions asked when applying or renewing include:

  1. Multifactor authentication.

    Is Multifactor Authentication (MFA) always enabled on all email accounts using remote access
  2. Backups.

    Do you maintain daily offline backups for all of your critical data? What is the frequency of backups, the technology used, and other pertinent information?
  3. Past cybersecurity event.

    Have you had a cyber security event in the past? If so, what was the resolution, and what steps have you taken to prevent future events?
  4. Dedicated CISO.

    Do you have a dedicated CISO or security team? It can be either in-house or through a vendor.
  5. Vulnerability scanning and penetration testing.

    Do you conduct vulnerability scanning and penetration testing?
  6. Employee training.

    Do you provide annual training, including phishing training, for your employees?
  7. IT Infrastructure controls.

    What IT infrastructure controls do you have in place? What vendor tools do you use?
  8. Response plans.

    Have you developed a Business Continuity Plan, Disaster Recovery Plan, and Incident Response Plan?

Want to Reduce Your Cybersecurity Insurance Cost?

To ensure you get the best rate and policy, our security consultants can help by doing a security assessment to avoid surprises. We use a proven methodology to assess your environment based on the Center for Internet Security (CIS) controls (the industry standard for cyber security). The CIS Controls list high-priority, highly effective defensive actions that provide a “must-do, do-first” starting point for every enterprise seeking to improve their cyber defense. The CIS Controls map to most major compliance frameworks such as the NIST Cybersecurity Framework, NIST 800-53, ISO 27000 series, and regulations such as PCI DSS, HIPAA, NERC CIP, and FISMA.

Our assessment compares your current processes against the controls providing a snapshot of areas needing improvement and your score against the standard. We start by understanding your technical environment through a pre-assessment questionnaire and facilitated meetings. Once we have evaluated your environment, we provide a concise report showing your score in each area, with recommendations to improve your score. We can assist you in implementing the recommendations, or your IT team can take over. Either way, your cybersecurity risk is reduced by implementing the improvements, and your cyber insurance policy will cost less and cover more. Learn more ways Dewpoint can help by contacting us today. 

Dial 311 for “One Call to City Hall”

Transforming the Citizen Experience

Increasing citizen satisfaction while reducing support costs for touchpoints is every municipality’s goal. It is especially true when facing budget shortfalls and staffing shortages due to the continued impact of COVID-19. Implementing 311 can help you achieve both of these goals. In addition, it takes the burden off of your 911 system from citizens calling for non-emergency events such as sidewalk and road repairs, noise complaints, dangerous animal complaints, and sewer problems, to name a few.

City of Grand Rapids Case Study

In 2015, the City of Grand Rapids completed Grand Rapids 311, centralizing their city services call center and revolutionizing how citizens interact with the City. By dialing 3-1-1, customers can speak to a single city ambassador for assistance with nearly all City services. Customers experience shorter call times to resolve their issues, and the City reduced staff and saved money without sacrificing service. The City utilized Microsoft Dynamics CRM to support call center workflows. Upon completing the project, then City Manager Greg Sundstrom said Grand Rapids 311, “Transformed and vastly improved customer service here in Grand Rapids.”

Helping Transform the City of Kalamazoo

After the Grand Rapids project, Dewpoint brokered sharing the Microsoft Dynamics instance with Kalamazoo, saving time and money. Our project and change management experience guided City officials to establish goals and project governance for an efficient rollout with increased buy-in from City staff. We captured and documented the response scripts that enabled a single 3-1-1 agent to resolve questions for any department. Following completion, Dewpoint supports the systems by updating or making changes needed to the Cities’ CRM instance.

 “…for us to continue to improve and continue to get where we are, Dewpoint has been a fantastic partner for us. They have   really helped us with the 3-1-1 call center, which we did fairly quickly. Dewpoint did a lot of work for us on the backend to make that happen, and they have supported our ambassadors and our system.” Tim Dubois, CIO, City of Kalamazoo

Transforming Your Citizen’s Experience

If you are thinking about starting a transformation for your citizens, contact us. Dewpoint can help by applying our experience and lessons learned from the City of Grand Rapids and Kalamazoo. We have the proven methodology and professionals who have “done this before” to kick start your process so you can implement 311 faster and improve your citizen’s experience.