GDPR

Email SecuritySpam, phishing, malware – these are just some of the hazards email can carry. We’ll see more of them in 2017, so what kind of security solutions can counter them?

Following on from our recent post about business continuity solutions, another topic worth following in 2017 is email security.

So just how important is it?

Well, according to email research from the Radicati Group, the number of business emails sent and received per day in 2017 will number 120.4 billion. By 2019, it will be nearer 129 billion.

And this unrelenting growth is one of the factors driving a huge increase in email-borne cyber-threats. In fact, in the first quarter of 2016 alone, according to this piece in Infosecurity Magazine, there was an 800% increase in email-borne threats over the previous year!

What, then, should you be looking out for to protect your business (or your customers’ businesses, if you’re a security reseller or service provider) against this onslaught?

Choosing email security

We’ve identified some specific features that we believe are critical to effective email security in 2017’s threat-laden world.

1. Ease of use for SMEs

The latest Government Security Breaches Survey found that SMEs are now being pinpointed by digital attackers, according to this piece in The Guardian.

But SMEs also include many businesses that have little or no in-house IT or security expertise  - so complex on-premise email security just won’t work for them.

Instead, look out for cloud-delivered, as-a-service solutions that major on ease of use (that means, amongst other things, no-maintenance deployment, with 24 x 7 updates, patches and hot-fixes delivered automatically by the vendor).

This kind of solution has the added benefit that it can filter email inline and scan it prior to it reaching the recipient, so threats are intercepted before they touch the business’s network.

Nothing to remediate, no spam to archive, nothing to clean up – good news for resource-starved small businesses.

2. Email clients – cloud’s a must!

Smaller businesses in particular are also turning to hosted email clients like Office 365 and Google Apps, with research showing that nearly two-thirds of small business owners already have an average of three cloud solutions in place.

Combine this with the knowledge that Office 365 has known issues with its ability to detect insecure document content, though, and it’s not enough to just go with a cloud-based email security solution. You also need to choose one that is good at dealing with cloud-based email client vulnerabilities.

Get the last bit wrong and you’re still behind the SME security curve.

3. Threat coverage and awareness

Spam, malware, spyware, phishing and inappropriate content are all known risks that must of course be protected against.

But the underlying question is how the solution’s knowledge of the threat landscape evolves, since it is this process that ultimately protects users against emerging threats like zero-day exploits.

Big data and machine learning algorithms are the key features to look for in this respect, but many vendors are now jumping on this bandwagon, so look at the hard numbers to sort the aspirational from the credible.

Take Trend Micro’s Hosted Email Security (HES) as just one example: over 50 billion website URLs, email sources, and files scanned, correlated, and filtered, with over 7 terabytes of new threat data processed - daily.

That leaves little doubt (and the latest features in Trend Micro HES make convincing reading, too).

4. GDPR compliance

GDPR is never far away from our discussions thesedays, and any cloud-delivered service is now under the microscope with regard to how it protects the privacy of the data that it holds.

Look for a solution backed by data centres that have reached the most stringent privacy certifications - in Europe, these are generally considered to be ISO 9001, ISO 27001, OHSAS18001 (LHR1) and SAS 70 Type II.

5. Ease of partner management

For security partners, there is an added dimension to a choice of security solution: the ease with which they can manage it!

Solutions that are difficult to provision and manage burn through administration resource and gnaw at margins – making them potentially unprofitable.

Look instead for a single security dashboard across all customers, that also works with industry-standard platforms like Autotask, ConnectWise and Kaseya.

This will enable you, for example, to automate monthly usage and reporting management, proactively analyse emerging security threats, and provision new solutions and services more rapidly – without signing into and logging out of multiple systems and tools.

Email security in 2017 – as-a-service solutions to a growing challenge

As long as businesses keep sending and receiving emails, the bad guys will keep using them to try and attack the soft underbelly of businesses.

But to do that, the emails have to get there in the first place – and if they’re getting caught by security in the cloud first, they won’t.

Definitely one to watch for 2017.

DataFortress Instant Data“Instant Data”, full system backup with one click, local storage options – read how DataFortress’s new features give you a competitive edge!

We pride ourselves on backing the newer, more agile players in the industry, and when we launched our DataFortress MSP solution (you might have seen the data sheet and the infographic) we knew we’d come upon a cloud solution that would give service providers some enviable differentiators in the backup and security space.

But DataFortress is now an even more tempting proposition for service providers, thanks to a raft of new features that really mark it out from the competition.

Here’s a quick overview of its latest and greatest differentiators.

Killer new DataFortress features (1): Instant Data

Recovery Time Objective (RTO) is a critical measure of backup resilience, but whilst customers are waiting for the backup and recovery data to build, they can’t access it. Inevitably, then, RTO starts from an already delayed position.

But DataFortress’s new Instant Data enables the customer to spin up a virtual SQL backup server that can both stream the backup and recovery data, and enable the customer to access and use it, as it builds – without having to wait for it to download.

Result: recovery starts more quickly, delivering much-improved RTO.

InstantData
Instant Data – customers get to their critical backup data without having to wait for it all to download.

Killer new DataFortress features (2): Full System Backup

Imagine that customers could simply click a button and all their data (files, folders, and images) could be backed up from all target machines (endpoints, servers, and everything in between). That’s DataFortress’s new Full System Backup feature.

The data is saved to a file that can then be run on a virtual machine, so that the business can always rapidly recover the very latest version of its backup data – with no reliance on hardware that might itself have fallen victim to whatever caused the need for recovery in the first place!

sliding button
This sliding button (top left) backs up everything, immediately. End of.

Killer new DataFortress features (3): Local Backup

The cloud might invite misty-eyed wonder, but the reality is it’s not bullet-proof. ISPs can experience interruption and bandwidth can be flakey. A hybrid approach would seem to be the path of least risk for many backup users -  and this is exactly what DataFortress’s Local Backup now offers.

As the name implies, it enables backup onto local storage media, so that there is always an accessible in-house fallback for customers when internet access has temporarily disappeared into the ether.

For companies who have an established physical backup routine, of course, (for example, storing tapes in secure offsite locations), Local Backup can also slot neatly into existing arrangements.

Local backup
Local backup adds “belt and braces” contingency to cloud services

Killer new DataFortress features (4): Legacy account conversion

Industry analyst Forrester has reported that 60% of businesses have said improving disaster recovery capabilities is a high or critical priority.

For many established companies, particularly those with strict compliance requirements, this means there is likely to be a whole mass of legacy backup accounts that need to be brought into the fold when a new solution is deployed.

Here, too, DataFortress has seized the initiative, making it possible for legacy data to be converted into modern formats and standards, and (to support this process) enabling old SE (Server Edition) accounts to be upgraded to new and improved ESE (Enterprise Server Edition) accounts and agents.

No longer is the past something that prevents backup and recovery service providers from making a sale in the present!

Legacy account conversion
Yesterday’s backup accounts brought bang up to date..

DataFortress: more killer features to come?

It seems certain that developments like GDPR are set to drive a new focus on data, how it’s managed, and how its value is protected, and DataFortress’s solutions certainly serve these objectives.

And, as we’ve mentioned in a previous post, this GDPR-fuelled market is potentially worth several billion to vendors and the various partners (resellers, MSPs, distributors) who work with them.

In the light of this – and given DataFortress’s past history of innovation – we can’t see it falling behind on features any time soon.

Watch this space...

General data protection regulationGDPR is coming! Here’s what the security channel needs to focus on to create opportunity out of regulatory upheaval.

On 25th May 2018, the EU General Data Protection Regulations (GDPR) become law.

But despite the burden of compliance that this places on the channel, isn’t it also a major opportunity for channel partners to sell more of the solutions that help end-users to address GDPR-related issues?

Here’s what we found when we dug into GDPR, and the opportunities it potentially presents, a little further…

GDPR opportunities – 1: Greater technology freedom?

A noteworthy feature of GDPR is that it does not prescribe specific data protection technologies – like a certain encryption algorithm, for example – and, therefore, does not automatically exclude others.

Instead, it prescribes processes, meaning that partners potentially have greater freedom than before to choose from a palette of vendor solutions that can satisfy those process requirements.

It’s a growth outlook reinforced by the IT industry’s most high-profile membership and training organisation, CompTIA. They have publicly stated to IT channel partners that GDPR means “Clients will be relying on their providers to help them meet regulations, which is a great opportunity to build on your relationships, all while creating new business with current and potential end users.”

So, given that GDPR is seemingly less proscriptive on the technology front than we might have previously assumed, what are the GDPR hot topics to which security partners’ offerings need to provide a compelling (and compliant) response, if they are to make the most of the opportunities at hand?

 GDPR opportunities – 2: Data protection controls

GDPR has serious teeth, but given our background in security software distribution, and from the point of view of security partners’ offerings, we believe it bites hardest around three key internal and three key external threat scenarios, which we’ve paraphrased from this recent research:

(including employee mistakes and malicious insiders)

  • Making lost data valueless if found – in other words, encryption methods that keep data safe if a device with personally or professionally identifiable information on it is lost or stolen.
  • Remote kill and wipe, to easily remove data from lost or stolen devices, or render them unusable, no matter where they are in relation to the user.
  • Data loss prevention (DLP), to control the types and sensitivities of data that users move around or out of the organisation.

(third-parties exploiting the organisation)

  • Locking-down, to control what kind of applications can and can’t run on an endpoint
  • Virtual patching, to stop remote exploitation of unpatched vulnerabilities
  • Breach detection, to flag where a network has been compromised, and thus enable users to block attempted data theft.

Should security partners be quaking at the sound of these snapping jaws? Not a bit of it.

Security solutions are already available that enable partners to deliver many of these GDPR-focused benefits to end-users, from vendors including Trend Micro (in both SMB and Enterprise formats) and others.

Plus, a recent survey of European businesses cited in this Information Age article found that 69% of those polled are not only likely to invest in security technology as a result of GDPR, but to do so in areas including file-sharing. (This hints at a growth in the cloud app-centric security requirement space, into which, as we discussed in an earlier post, at least one vendor already plays strongly.)

GDPR opportunities – 3: The size of the market

But it’s filthy lucre, predictably, that hints most effectively at the pot of GDPR gold at the end of the partner rainbow. And make no mistake, we are talking big money here.

, for example, has predicted that GDPR will create a $3.5 billion market opportunity for security and storage vendors – in which their partners, of course, will share – as the severity of fines drives enterprises to “radically shake up their data protection practices, seeking…new technologies to assist with compliance.”

An additional push factor in the groundswell of GDPR opportunities for security partners also came with the recent comment by the European Commission's Justice Directorate, according to the International Association of Privacy Professionals (IAPP), that companies judged to have invested responsibly in security can, under certain conditions, see any fines for non-compliance reduced.

Security partners, it seems, are likely to become many businesses’ new best friends!

GDPR: What next for security partners?

This piece in ChannelPro perhaps best expresses what partners need to do, as GDPR relentlessly approaches, to turn a disruptive regulation into a profitable business opportunity:

“1. Read up on the changes and ensure they become the trusted expert on the new regulations

  1. Educate their customers about the impact of the EU GDPR
  1. Ensure they’ve got the solutions available to help customers with compliance”

From where we’re standing, point 3 looks to be the least of partners’ worries…