The decade in cloud: Analysing the ‘remarkable transformation’ through SaaS, IaaS and PaaS rise

My Post (90).pngThe dawn of a new decade represents a good opportunity for a more rounded assessment of cloud computing to take place – and according to industry analyst Synergy Research, the ‘remarkable transformation’ has seen the enterprise data centre hit hardest.

Synergy has kicked off 2020 with a couple of notes looking back at wider enterprise IT spending, as well as the impact of SaaS revenues. As the decade began (below) spending on cloud infrastructure services barely moved the needle; but as data centre hardware and software spend plateaued in the middle half of the decade – only seeing an increase in 2018 – last year’s projections revealed that cloud spending had finally overtaken on-prem.

Over the whole decade, Synergy noted, average annual spending growth for the data centre was 4% – and even the majority of this was due to the first three years of growth. For cloud services, the figure was 56% across the whole decade.

When it came to SaaS revenues, it has been a similar story: annual revenues are now north of $100 million at a growth rate of 39% per year. This compares with a growth in perpetual license software of just 4% per year. Microsoft, the ‘very clear software market leader’ throughout the decade as Synergy puts it, has seen its total software revenues double and SaaS revenue grow from zero to more than $20 million across the decade.

The usual suspects have seen significant growth in terms of organisations moving to SaaS-based models, from customer resource management (CRM) to human capital management (HCM). Yet enterprise resource planning (ERP) is one area which is still somewhat underrepresented, Synergy argues.

As John Dinsdale, a chief analyst at Synergy Research Group, puts it, the emergence of various huge SaaS platforms around enterprise collaboration, from Workday, to Zendesk, to Cloudera, forced the hand of traditional software vendors to push SaaS more strongly.

Analysis

For those who have been involved in the industry over the past decade, the above is by no means new information. Yet it is certainly interesting – and more than a little fun – to look back and assess various growth points and predictions.

At the beginning of the decade SaaS, powered by the explosive growth of Salesforce, was clearly the poster child for cloud computing use cases. Looking at a Gartner market trends report from 2012 focusing on SaaS, as this publication reported at the time, many of their prognostications rang true. Gartner predicted that SaaS-based CRM would grow at three times the rate of on-premise applications, while noting that SaaS-based ERP would take a tougher route to cannibalisation. Each analyst report around the time put SaaS in the biggest bucket, followed by IaaS and then, much lower down, PaaS. – Read more

How to Safeguard Client Data During Tax Season and Beyond

My Post (89).pngCyberattacks against tax firms are on the rise, putting taxpayer data at risk. Learn to protect your firm and your client data with these cybersecurity tips.  

Safeguarding any business and client data is important. As tax season draws nearer, however, the IRS is particularly concerned with how businesses and tax firms work to protect taxpayer data. Cybercriminals thrive in the tax season, taking advantage of unprotected or poorly protected firms in order to file fraudulent tax returns. Whether you’re in the business of filing taxes or simply want to better protect your client and customer data, these tips on cybersecurity methods have you covered.

Chris Chao, a cybersecurity expert that focuses on accounting firms with Centerpoint IT shares his insights into the importance of year-round cybersecurity in with accounting organisations.

The Importance of Cybersecurity

As of 2018, 32.7% of U.S. adults had experienced a hack to their email account or social media. Personal accounts, however, aren’t the only data that is at risk. Large public breaches, such as the Yahoo hack, affected 3 billion users. Marriott’s data breach, reported at the end of 2018, impacted 500 million accounts.

According to the IRS, data theft at tax professionals’ offices is on the rise, and so too should be our diligence about protecting user and taxpayer data. Cyber attacks are the fastest growing crime in the U.S., and is an increasing threat throughout the globe as more and more of the world’s population become internet users. Finding new and effective ways to protect client data is more important than ever.

Stay Up to Date on Security Regulations

One of the first steps to protecting your company and consumer data is understanding your legal responsibilities as a small business or tax firm. IRS publication 4557 is designed to help tax firms, especially those that do e-filing for individual income tax returns, develop a security plan to ensure their taxpayer data is secure. Reviewing all tax security regulations before you develop your plan will help you hone in on the best practices for the type of data you and your company store and utilize.

Install Security Software

Anti-virus, firewall, and drive encryption software won’t stop every cyber threat out there, but this basic practice will help serve as a layer of protection between you and identity thieves looking for taxpayer data. Anti-virus and anti-spyware software help protect your devices from malware or unauthorized software. Keeping this software up to date is also an important step. Regular updates help the software identify the newest threats and stop them before you even know they are there.

Back-Up and Protect Stored Data

Stored data that is not encrypted has a higher risk of getting hacked. It is good practice to encrypt any stored data with passwords prior to backing them up to the cloud or a server. Also, avoid using public computers or networks to access this stored data, and wipe clean any old hard drives or storage devices that are no longer in use.

Closely Monitor Business Activity

Spotting data theft can be easier than we think if we know where to look. For tax professionals, keeping an eye on the number of returns filed with your Electronic Filing Identification Number will help you stay on top of any fraudulent returns. Unexpected rejected returns, notices to your clients about returns they haven’t yet filed, other unusual communications, and even a slower-than-normal network can all be indicators of data breaches.

Learn to Recognize and Report Cyber Crime

Cybersecurity Ventures predicts that businesses will fall victim to ransomware attacks every 11 seconds by 2020. That is a dramatic change from the already high number of attacks on businesses—every 40 seconds—as of 2016. The biggest contributor to these attacks is people unknowingly clicking on phishing emails and scams, allowing the ransomware to infiltrate a computer or network, and locking up important data.

Learning to recognize phishing emails, especially those that appear to be from the IRS, tax software providers, your data storage provider, or other legitimate organizations that may contact you via email. Don’t download attachments or click on links in any suspicious email, and pay close attention to the email address, subject line, and domain names in links. The slightest hint—a missing letter, misspelled words, or the use of hyphens and dashes—could indicate a scam.

Once a scam is identified, report directly to the appropriate authority. For tax-related breaches, report to the IRS and they may then encourage you to also report to the FBI or Secret Service. File a police report with the local police in the event of a data breach, and the state Attorney General or Federation of Tax Administrators to report a breach related to state taxes. – Read more

Four ways to develop a hybrid cloud security strategy

My Post (73).pngAccording to recent research, organizations today use an average of 5 clouds on average including public and private.

Do these numbers sound familiar? If so, then you’re no doubt acquainted with the work that goes into managing multiple cloud environments, each requiring their own set of resources and unique security profiles.

And it doesn’t stop there. Studies show that the average employee uses at least eight different apps. At companies with more than 1,000 employees, that number jumps to well over 200. And remember, these are only the apps that IT departments actually know about. A whopping 93 percent of respondents in one survey said they regularly deal with Shadow IT – which is the surreptitious use of unsanctioned cloud services and apps.

So, what does all this mean? Namely, that the move to the cloud, largely viewed by now as a given, has introduced far more uncertainty into organizations than we’ve been led to believe. In fact, a study by HIS Markit Technology found that of the 350 organizations surveyed, 74% had moved an application into the cloud and then moved it back into their own infrastructure. As a result, ensuring consistent security for the applications, workloads, and other resources that move across and between different cloud environments involves a nearly impossible level of complexity, especially when the right strategies and tools aren’t in place.

That’s why success in a hybrid cloud environment must start with a strategic vision that will guide investments. Ready to get started? Here are the four essential pillars on which successful hybrid cloud strategies are built:

  1. Focus on Cloud Integrated Security
    Generally speaking there are two types of cloud security solutions. The first are point solutions designed for on premise environments that “sit atop” cloud infrastructure. The second are cloud native, “built-in” cloud solutions designed to take advantage of integrated cloud APIs and services developed by the cloud provider.
    At the very least, organizations should be aware of these distinctions. But the evidence is clear: the more security solutions used that natively integrate with cloud-based services, the more secure the organization. Even fewer of these solutions run natively across multiple clouds, But for those that do, leveraging the native security capabilities of all clouds and cross-integrating them into a multi-cloud security framework allows organizations to turn the risk-multiplication effect they fear into a security-multiplication effect that actually works to their advantage.
  2. Step Back and Truly Analyze Your Needs
    Just as “the cloud” is a nebulous, hard-to-define concept, so too is “cloud security.” Cloud environments are complex. Not only does each cloud platform require different solutions or strategies, so do the various functional areas within each platform. Agile application development, for example, requires security tools that can be integrated directly into application code to ensure things like secure transactions and data protection and prevent application tampering. Cloud infrastructures require NGFWs, web application firewalls, IPS systems, and advanced threat protection solutions. SaaS applications require things like sandboxing, CSPM/CWPP, and other security services to ensure that access to applications and data can be controlled.
    Take a careful look at your infrastructure today, and consider how it may evolve – and find a security solution strategy designed to handle as many of these different needs as possible, now and into the future.
  3. Seek to Minimize Complexity and Maximize Visibility
    The goal here is clear – pave the way to deploy a sound cloud security platform and then focus on reducing the effort needed for IT departments to deploy, configure, update, and coordinate that platform.
    This is easier said than done. Solutions deployed in different cloud environments usually don’t natively talk to each other or share the same descriptions for similar resources, events, or policies. This can make it impossible to implement consistent security policies between environments, leaving inadvertent security gaps that cloud-savvy cybercriminals are all too willing to exploit.
    Security in the context of cloud means being prepared to implement layers of security that can be automatically translates across and between different environments. This requires the use of cloud connector technologies designed to provide seamless, on-the-fly policy and configuration translations between cloud environments to ensure consistent security end-to-end.
  4. Emphasize Centralized Control
    Want to avoid raising IT security overhead in a cloud environment? Move to a security platform that can tie together all of the various security elements you need through a single-pane-of-glass management interface. This should include configuration management and assessment, policy and update orchestration, event and intelligence correlation, as well as the ability to oversee a coordinated response to malware and breaches.

– Read more