Archives For cloud security

The Cloud is Taking Over

Spending on IT is down – the Cloud is to blame.  You can ignore it, or you can look for the opportunities in it. In every paradigm shift there is an opportunity.

If you sit around hoping it will go away, you may be out of business before long. You can complain about it, but that won’t help. You can push harder to sell more – making it up in volume somehow, but don’t count on that working either.

Gartner is telling us, in May 2016, that spending is down 0.5% from this time last year…but we knew that would happen. They’ve been projecting a downturn since mid-last year.

Have you found the new opportunity? There are two things that are selling…

Cloud and Security. These two lead the charts on IT spending.

Big data comes in third. Larger companies have as much as half their computing in the cloud, and it’s growing. 80% of small businesses, according to Gartner, will move some or all of their computing to the cloud.

Microsoft is making a big push – and we’re seeing it happen.  Oracle, Amazon, and others are doing their share as well.

As companies opt for cloud technologies, the need for upfront hardware investments is going down – along with hardware sales from your company. Meanwhile, cloud spending is growing at 22% – that’s big. If you have a cloud to sell – you may be able to capture a substantial amount of annuity business.

If you’re looking at software and license fees – expect flat growth over the coming months and beyond.

Opportunity #2 is Security

The cloud changes everything – are you investing in security services?  If you want to compete, but don’t have a big cloud offering – you can OEM.  The problem is, so can everyone. The cloud is good and bad. Suddenly everyone can offer things without spending the money.

But security is alive and growing – and it requires local expertise. Sure, you can resell a SOC offering – and you should. But the local presence with top-tier assessments and response capabilities is worth a lot in this market. Add compliance offerings, and ongoing detection/response capabilities, and your company valuation is likely to grow quickly.

If you sell into midsize and small business – try adding 7 by 24 firewall (UTM) monitoring, mobile device security (as opposed to MDM – which is different), and SIEM technology…this gives you just about everything you need on the detection side.

Equip your team, or partner to get real time analysis of events to weed out the false positive stuff, offer routine assessments – delivered in business language and clear recommendations, and be ready to respond to relevant threats such as malware, ransomware, and anything else that might put a company out of business.

© 2016, David Stelzl

 

 


So How Secure Is The Cloud Really?

The Cloud Means Many Things – Not All Clouds Are The Same

If your clients are considering a move to the cloud, what should you tell them? I’ve had technology-provider clients steer people away from the cloud. Gartner, The Wall Street Journal, and I agree – people are going to move to the cloud, regardless of what you or I think about security. Telling them “No” is only going to hurt your business. Instead, start thinking of ways to help them make the move in a secure fashion.

The Cloud Is More Secure Than Their Company Network

This idea was underscored in a WSJ article this morning where United States Chief Information Officer Tony Scott offers his opinion. Like keeping your money in the bank, you can’t duplicate bank security at home. He’s talking about cloud offerings like Google, Amazon, and Microsoft, not some fly-by-night cloud outfit. These companies are under the microscope every day, facing attacks and audits. If anyone is secure they are. Most businesses are not going to build this themselves any more than you are going to recreate bank-level security at home.

Note, I am not saying big cloud providers can’t be broken. Read my book The House & The Cloud. Simply put, if it’s connected to the Internet, it can be hacked. Google and their competition will always be under fire, and occasionally we’ll hear of a breach. I am also stating this for the majority of US companies which happen to be small and medium businesses. Many of the larger financial institutions are doing just as good a job, or better with security. But as we saw with JP Morgan last year, nothing is impenetrable. On the other hand, healthcare organizations seem to be way behind, both in their understanding of risk vs. compliance, and their ability to put a secure computing infrastructure in place. Most of them should probably just move to the cloud. They’re too far behind to pull it together themselves.

On the small and medium business side, two problems exist that can’t be fixed. First, it’s far too expensive to put in the right security measures – these smaller businesses just can’t afford it.  Second, and potentially a larger concern, the small and medium businesses can’t staff people who know what they’re doing when it comes to security.  For one thing, they can’t afford these people. But they also can’t keep them. An experienced security engineer is faced with security issues every day. That’s what interests them, and that’s what keeps them up-to-date and growing. Take someone like that and put them in a small business for 6 months, and they’ll be worthless.  Meanwhile, the larger cloud companies are constantly in motion, pushing their already talented security people up.

Your Advantage – Your Value Proposition

As a reseller or technology provider you have the same edge if you have an MSSP offering. As long as you have enough clients to keep you busy working on security challenges, your people will continue to grow. And the more you do, the better you’ll be. The SMB businesses out there benefit greatly from the centralized offerings you provide.

The One Challenge

The one challenge is education. These companies are going to the cloud to save money, not for better security. While they’re thinking about cloud, and before they make the move, is the best time to insert your expertise. Help them figure out what kind of risk they have. Then help them find the best cloud offering, including security. From there, take on their end-node security challenges, and their front line security detection and response program. Right now is the time to act.

If you’re looking for a better message – consider going through the Security Sales Mastery Program…if you’re a reseller, chances are I can get you a seat sponsored by one of many technology providers you resell.  Give us a call to see if you qualify.

© 2015, David Stelzl

Small Businesses Need More Security Awareness

Just a few hours from now I’ll be presenting to business leaders in Las Vegas – Sponsored by ProStar

I think one of my favorite things about coming to Las Vegas is the hotels – always a great deal, and if I had brought my entire family (7 kids and one wife), we would all fit in this room (yes, that’s a picture of my room this week.) I couldn’t fit the entire room in the picture above, that’s just the living room and dining area. But on to today’s event…

Important News Items (Sound Bites) You Should Know

Last week’s Gartner event brought out the importance of IoT – The Internet of Things. Expect this to be big business in the coming year. Everything is going to be connected, if it’s not already. This morning’s WSJ reports that 64% of people surveyed think they can manage IoT security…keeping people out. 93% agreed that hacking into someone’s IoT was a form of burglary (which causes me to wonder what the other 7% think), but 64% are concerned that their IoT will be hacked. Something’s not adding up here.

First, 100% of IoT implementations can be hacked. 100% of it should be considered theft, and it would be foolish for anyone to say they can manage their security without a problem.  We should all be concerned about this – I’ll be addressing this today in our meeting. The more we connect, the easier it is to manage life and business – with the exception of security. IoT is not a security improvement, it’s a downgrade in security.

The Amazon Web Services Event kicked off Last Week in Vegas…What About Cloud Security?

We know from earlier reports that 80% of small businesses will be on the cloud in the next 4 to 5 years. This statistic is old, so we are more like 4 years out now. I expect that to accelerate. “Researchers in Massachusetts are raising new questions about the security of all multi-tenant cloud environments,” writes Brandon Butler, for Network World. In a recent interview I did with Sklar Technology in Richmond, VA, I pointed out that cloud vendors probably offer a safer world for SMB data than the SMB business itself can provide. I still believe this. But after conducting numerous follow-up assessments across the attendees of last week’s event, Sklar found companies using the cloud but severely lacking in security. They discovered companies with no backup at all, PCs infected with Bots, and a host of other issues. These small businesses need security, but they don’t have the time or the resources to keep things up to date and guarded against evolving threats. As Butler points out, the cloud is not secure. In his article he reports that researchers were even able to steal the encryption keys used to lock down the Amazon Cloud data. Now that vulnerability has been patched, but software problems never go away. There’s always one more vulnerability waiting to be discovered. Each one is a likely entry point for hackers.

Today’s Event

Today’s event is just what Small Business Leaders Need. We’ll be meeting over lunch at the JW Marriott, just about 15 minutes off the “Strip”.  ProStar and their partners are hosting this to help educate the Small Business Leader Community – it’s invite only, but completely paid for thanks to the generosity of ProStar and their vendor partners.

© 2015, David Stelzl

PS. Are you a technology reseller?  If so, you might be eligible for free security sales training through the SVLC Security Sales Mastery Program.  We have multiple security sponsors willing to help resellers ramp up these important concepts. Contact us to see if you qualify. 


The New House & the Cloud – Completely Revised, Full of New Strategies, And Updated To Address New Technologies – Cloud, BYOD, Mobility, Collaboration, and Social Business.

It’s been a long time coming – I had hoped to have this out in the late summer.  But it’s finally done, and with the publisher.  Here’s what to expect:

1. First, if you have the real book – The House & the Cloud (vs. the PDF version) you know the old cover was ugly.  It was my first book – published in 2007, and I was so anxious to publish it, I couldn’t wait for a better cover design.  I’ve learned my lesson – the cover does matter.

2. There’s now a website with tools, updates, videos, examples, and more – when you get this book, you get a whole lot more. I even have a forum to ask questions.  Anyone who buys the book will have access to the site. Just turn to the back of the book and follow the links – it’s free, as long as you have the book.

3. It’s longer. That might not be a selling point for sales people who are too busy to read – but if you have the first version, or even worse, my Vendor to Advisor book, you know the print was too small.  That doesn’t mean the content is bad – they are just harder to read than they should be. In this book,  you will find more content, but you will also find larger print and spacing to make it easy to read.

4. More chapters. I’ve shortened the chapters, cutting many of them into multiple chapters, making it easy to read and easier to find things. In this book 12 chapters are now 30.

5. Updated content. There’s a lot of new content here. Security has changed, but so has selling security. In this book you will find great ideas for selling security to companies using cloud, BYOD, social collaboration tools, and more. I also address managed services in detail – and have even included a chapter written by Choice Technologies, a provider of Managed Services and Managed Security.

6. More fun to read. My first book read more like a text book. This one is more conversational and easier to read. Hopefully this makes the book easier to get through so you can start earning more money on bigger security projects, faster.

7. More free stuff. Not only is there a free website, but there are introductory training offers and more in this book. Again, these are at the back of the book to help you take this material to the next step.

What Happens Next?

So what’s next? The publisher is reviewing the content – they should have this done this week.  Once that’s in place they will print a proof copy for me to review. I’ll do that over the Christmas holidays and have it approved before New Years.


Then it’s time to print! The book will be available on Amazon, initially as a paperback selling for $19.95. If you are interested in Kindle, please comment on this post to let me know. If I have enough requests I’ll send it to Kindle and have it online in Q1.

Another question that comes up often – will I have an Audio book…again, I would need to hear from you.  In the past I have had some requests, but not many.  Creating an audio book with a high quality reading is not cheap – so if the demand isn’t there, I probably won’t do it.  But let me know…my goal is to get this material to you in a way that allows you to benefit from it.

© 2014, David Stelzl

P.S. You can gain access to the Website now by downloading the 2007 Version and following the instructions in the responding email…Just visit us here: security.stelzl.us/ebook

 

How Does Data and IP Security Suddenly Change In This New Paradigm?

The Security equation has changed. This week I’ll be speaking to business execs in Atlanta on some of the changes they need to be aware of over the next 12 months…Thanks to Milestone Systems for hosting the event. This is much needed in every city! Here’s a quick overview of what’s happening – companies have to change to compete – and this changes everything they’ve ever known about securing data.

Twenty years ago we thought math would solve this problem. Encryption algorithms and authentication keys were the answer. We all realize now that keeping thieves out is more difficult than we originally thought. And with digitization, expect the problem to get worse.

Who Is Behind The Latest Cybercrime Disasters?

Experts tell me there are three primary “actors” in the hacker world: Traditional Cybercriminals, Hacktivists, and Spies (Think – Espionage.) In addition, significant threats may exist internally among full-time employees as well as with contractors and partners (a major topic of conversation these days among business leaders.)

Over the past decade the emphasis has been on credit card theft and skimming money. But more recent attacks focus on IP (Intellectual Property.) This is what Mike McConnell, former director of national intelligence, secretary of homeland security, and deputy secretary of defense, means when he writes, “The Chinese government has a national policy of economic espionage…in fact, the Chinese are the world’s most active and persistent practitioners of cyber espionage today.” He is accusing China of carrying out Nation-State Sponsored Attacks. In reality, these are well-funded acts of war.

Recent U.S. security advisor reports add Russian hacker groups to this problem. Russian groups are thought to be far more sophisticated than the Chinese and therefore pose an even greater threat. Evidence suggests they are actively stealing U.S. innovations right now.

Many have called these acts of war, “The greatest transfer of wealth in history.” When you read about large complex cyberattacks, both Russian and Chinese groups are the primary suspects.

How Is Cybercrime Impacting Businesses Around Us?

Obviously there is the financial loss. But these crimes also cut into jobs, your competitive advantage, and even national security. McConnell comments on how large-scale this problem is, stating, “We think it is safe to say that large easily means billions of dollars and millions of jobs.”

The Internet is the ideal medium for stealing intellectual capital, money, and power. Hackers can easily penetrate systems that transfer large sums of data, while corporations and governments have a hard time identifying specific perpetrators.

In a recent study, the 9/11 Security Commission reported back stating, “Our most pressing problems are the daily cyberattacks against the nation’s most sensitive public and private networks.” They later added, “Yet, because this war lacks attention-grabbing explosions and body bags the American people remain largely unaware of the dangers.” In the case of 9/11 we didn’t awaken to the gravity of this terrorist threat until it was too late – we must not repeat this mistake in the cyber-realm.

What Are Cybercriminals Really After?

As just mentioned, Company Secrets and IP are the newest hacker targets. So who is at risk? The truth is, no business is safe. But small business and entrepreneurial startups are often the primary targets for these perpetrators.

A recent WSJ headline reads, “Hackers target startups that secure early-stage funding.” Startup companies are now detecting cyberattacks just after they raise their Series “A” funding. The attackers are watching to see when funding is made available, knowing that there will be a sudden influx of cash. Another target would be new innovation. These groups are looking to advance without the R&D cost. To further exacerbate this problem, recent patent law changes actually encourage the theft of intellectual property. The person who files first has an advantage over the patent right. That means that as you are inventing, others are watching. Suddenly credit card theft is of little consequence compared to your ten-year R&D effort. A copycat product overseas might be enough to put your company out of business.

How Will A Digitized World Worsen This Problem?

When it’s digital it’s connected, and that means it’s accessible. It doesn’t matter if something has a password on it. It doesn’t even matter if it’s encrypted. Firewalls are no match for today’s cybergangs. But as we necessarily move more toward the use of transformational technologies and IoT we expose ourselves more and more.

Over the past decade your clients have probably safeguarded their data behind network perimeters. Using firewalls, passwords and encryption, they have felt fairly secure. However, there’s an underlying flaw in this approach. See my free ebook below for a thorough description of this flaw…

But a move to transformational technology is necessary. And that means moving away from traditional perimeter security. Digitization means connectivity, mobility, and a necessarily open computing architecture. If your clients are going to compete, all of this is necessary. As I’ve already stated, this is a great opportunity for the small and medium business leader. But with it comes exposure. People can’t control their data in someone else’s cloud, and they don’t oversee the network their employees are using at Starbucks. Their systems will, by design, face the public web, and their company no longer has any definable perimeter security. In the new world, their data is everywhere and accessible by just about anyone. And so, security approaches must change…

This is your opportunity. They need an advisor. But this is not a product sale – it’s an advisory role. One IT can’t really fill…

Make sure you have my book, The House & the Cloud – and get access to the House & the Cloud private resource page, only accessible by those who have the book!

Send me the Book!  <<< You can get the book, and access to the resource page right here!

© 2014, David Stelzl

I had the honor of sharing the stage with some great speakers this week at the VAR 500 – now CRN Solution Provider 500, including Theresa Payton, Former White House CIO (who delivered some important updates on cyber security), Ken Thoreson – speaking on effective sales management, and our lively host Robert DeMarzo.

I posted some critical points yesterday from the CIO panel – a must read for any sales person hoping to reach up to the C-Level on their sales call.  Theresa’s talk today included some important security trends for those of us who work in the security space.

1. First, if you have not updated your LinkedIn password, do it now! There was a major breach today which may result in your password landing on a public webpage. Also notify your clients and let them know. Many people foolishly use the same password across many accounts – I highly recommend using a password vault so you can maintain different, hard-to-guess passwords for your cloud application access.

2. Theresa gave us this formula: Byod w/o cya = byob to your next sales meeting. Translation: Bring your own device to work without covering your assets is like bringing your own beer to your next sales meeting. (I was happy to hear the phrase “Digital Assets”, something I speak on at customer-facing events each month.)

3. Tablets are the new computer for many companies – expect executives to be transporting sensitive data on these handy devices, assume they are unencrypted, and assume they will be lost or stolen on the next business trip…include this in your next security assessment; it’s a high-likelihood issue.

4. SMIT – a new acronym pronounced as a word – smit (rhymes with mitt). Social Media Information Technology. Theresa explained how a security company can sift through a client’s LinkedIn accounts – especially those technical people on staff, then check support boards online, and finally access Facebook accounts, and between the three, just about map out the entire network infrastructure. This is sure to impress the executives you are calling on – don’t tell them how you did it, just do it as part of your assessment. They will “Have a cow” according to Theresa…this is sure to land you some business.

5. Key cloud questions – “Who owns the data?” Theresa told us of a company undergoing some legal action – their data was in the cloud – hosted by their provider. The FBI wanted data, so the hosting company handed it over. Chances are the court order did not require all data, but the cloud hosting company didn’t bother to check…they just gave it all. An interesting scenario for company execs to consider.

© 2012, David Stelzl