Pop quiz time. What’s more secure; financial records locked in a filing cabinet or financial records stored in the cloud?
If you don’t understand how cloud security works, you probably said the filing cabinet. It’s time for a little mythbusting about how secure your paperless office could be.
Last week, Cindy Bates posted on the Microsoft SMB Blog about the benefits of a completely paperless office. Like Delta Airlines, who recently switched to the paperless cockpit, it’s possible for any office or organization to ditch the dead trees and move entirely into the digital space.
One of the first questions decision makers ask when considering the paperless office is “how
secure is this?” It’s a fair question, so let’s consider Delta’s paperless cockpit example and overall data security.
The problem with paper is that, well, it’s paper. Paper gets lost, it burns, it can be misfiled and disappear. It’s only as secure as its physical location. If that location is a locked filing cabinet (or a vault under Fort Knox), if someone really wanted to get to it, they could.
A file in the cloud cannot burn, be stolen, accidentally left behind in a restroom, or any other number of things that could affect a hard copy of important information. For a recent example, take a look at the Internet Archive, whose scanning facility in San Francisco caught fire. Although no data was stored in their San Francisco office, if it had been, cloud redundancies would have prevented any loss.
But what about a data center, such as what powers Windows Azure or Office 365? Let’s start with physical security: data centers are monitored 24 hours a day, 365 days a year. A team of ninjas could, in theory, break in, but they’d still have to know which of the thousand machines contained your exact data—so unless you’ve upset the cast of Ocean’s 11, it’s significantly less likely than an office fire that could destroy physical data.
In addition, with Office 365, data transmitted across networks is encrypted—so if some agency (or other villain) happens to tap the wires, they still won’t be able to read your files.
While a move to a paperless office does not entirely guarantee data security—there are still those ninjas to think about—it is significantly more secure than leaving your information in paper form, where it could be destroyed or stolen with greater ease.
It’s just one more reason to go paperless.
Mobile devices are the mighty double-edged swords of today’s workplace. On the one hand, they provide greater integration of information, on the other, they could be your business’s one-way ticket to a catastrophic security breach. This week we had the amazing opportunity to speak with Anthony Kinney, Microsoft’s Verizon Partner Manager, about mobile security and the ways to mitigate data risk in a BYOD environment.
According to Kinney, the three main security risk areas associated with BYOD are:
- Data loss prevention, which has to do with securing the data on a device in the
case of it being lost or stolen.
- Data in transit, which is most often
protected by encrypting information to ensure that all communications between
the device and backend infrastructure are secure.
- Data leakage, which is
about keeping a user’s work and personal information separate. In other words,
“protecting users from themselves.”
We asked Kinney what Microsoft is doing to make sure that moving to a pocket office doesn’t mean introducing security risk. He discussed how our multilayered approach to security makes adopting a BYOD policy far less of a risk, with solutions like Secure boot technology, remote “wipe” capabilities, and automatic cloud storage (among other security solutions).
What makes the greatest difference, however, are the actions a company takes to ensure that their data is secure. The way Kinney sees it, employees jailbreaking and rooting devices is one of the largest risk factors for companies who allow employees to BYOD. What those companies do is implement third-party services to “containerize the data,” so it never actually goes onto the local device.
According to Kinney, Windows Phone solves for this by protecting the data at the data center level before it even gets to the device. This means each document can have specific edit/view/share settings so that when it’s accessed on a mobile device it can’t be ‘saved as’ or forwarded to another cloud service, depending on what the settings permit. This way the phone fully understands the corporate policies on the document, helping IT to provide security—even at the file level.
This level of device integration with your data allows your company to consider a BYOD or CYOD policy without the need for third-party security solutions—which themselves offer another point of potential failure and risk. By working with your existing desktop OS, email, and other systems, the native Windows Phone OS helps mitigate data loss risk for your pocket office by preventing it in the first place.
If your Auto insurance company sees you as a deadbeat or high-risk or driver, it might cancel or non-renew your policy.
Because insurers take cancellation seriously they won’t eliminate coverage for a traffic ticket or two. What’s more, state regulators ban cancellations under most circumstances.
However, a company can non-renew your insurance at the end of each policy period (six to 12 months) or cancel the policy during the first 30 to 60 days that it’s in force. The main reason for midterm cancellation is nonpayment. State regulators set the requirements, such as a written notice of non-payment, together with a 10 to 30-day grace period to pay.
Some states allow insurers to cancel coverage, usually for an activity – such as a DUI conviction that involves bodily injury or substantial damage – which indicates you’re at high risk for an accident; or for misrepresenting your driving history (for example, not disclosing that your teenager was behind the wheel instead of you when an accident occurred). Some companies will backdate coverage to the cancellation date, while others will not cover you during the period when you haven’t paid your premiums.
If you can’t bring your account up to date or the company cancels you for a reason other than non-payment, your policy probably won’t be renewed – which means you’ll have to look for insurance elsewhere, probably at a higher rate. Depending on the reason for cancellation, some companies might refuse to write your business. In this case, you can to turn to the state’s assigned-risk pool, which offers bare bones coverage at higher rates.
Your best move is to do everything possible to avoid cancellation or non-renewal. For example, if you can’t afford to premium payments, consider reducing your coverage rather than take the risk or cancellation.
For more information, just give us a call. We’re here to help!