SysCloud Release Notes – Q1, 2017

FERPA, CIPA & HIPAA Compliance Guide

You might’ve heard acronyms like CIPA, HIPAA and FERPA – but what do they mean? They’re different types of compliance regulations that organisations must follow to make sure that student and staff personal data is safe and confidential.  

Insider Threats: A Guide to your Cloud Apps Security

Introduction Cloud Applications like Google Apps, Salesforce, Box, and Microsoft Office 365 are making productivity and collaboration easier and more effective without the need for big upfront investments in infrastructure and resources. Furthermore, these Cloud Apps are highly secure and have multiple levels of redundancy which are always on and safe. For organizations using Cloud Apps, the only threats remaining are from insiders i.e their own users. Why? There are 2 main reasons: Attackers do not get in by penetrating or breaking down network firewalls but via weak trusting employees e.g. phishing. Some employees (users) may indulge in activities which are damaging to the organization. Insider Threats and their Impact on Businesses Data breaches, when reported in the media, cause irreparable damage to the business involved in terms of reputation and customer’s trust. Additionally, legal obligations may mandate public disclosure of such a leak. Furthermore, the breached data may be…

Read more

Why Backup G Suite (Google Apps) Data?

  The real question is why you would choose not to backup your data. Data loss due to user error is the #1 reason organizations lose critical sales, marketing, customer, financial and IP data stored in email and documents. While we trust your data is safe in the hands of Google, you need to protect against user error, hackers attacks like ransomware, malicious actions and access from lost or stolen devices. Background Over 5 million organizations have chosen G Suite Apps for cloud office applications including Gmail, documents, calendars, contacts and hangouts. Your G Suite Apps data such as financial spreadsheets, customer emails, marketing plans and sales contacts is the foundation of your business. It has become an official focal point for day to day conversations and business critical workflows. Is your G Suite (Google Apps) Data protected against Data Loss? Yes, to the extent of your G Suite…

Read more

Syscloud Drive Encryption

How Compliance to PCI Can Be Achieved in Google Apps

What is PCI compliance? Critical requirements of PCI compliance Problems that companies experience in PCI compliance Introduction to Google Apps Requirements that organizations fail to meet and how Google Apps can help What is PCI compliance? PCI compliance refers to a set of security standards created by the payment card industry (PCI) for organizations that handle payments from the major credit card companies, including VISA, Mastercard, American Express, Discover, and JCB.  The PCI Data Security Standard (PCI DSS) was created by the PCI Data Security Council, an organization established by the major credit card companies themselves in 2006 but which operates independently of these companies.  The purpose of the PCI DSS is to prevent data loss and credit card fraud that could result from leaked data. Critical Requirements of PCI As currently configured, the PCI DSS includes six so-called “control objectives”, which are implemented through one, two, or three specific…

Read more

Export Reports

How Compliance to PCI Can Be Achieved in Google Apps

Topics covered What is PCI compliance? Critical requirements of PCI compliance Problems that companies experience in PCI compliance Introduction to Google Apps Requirements that organizations fail to meet and how Google Apps can help What is PCI compliance? The PCI Data Security Standard (PCI DSS) was created by the PCI Data Security Council, an organization established by the major credit card companies (VISA, Mastercard, American Express, Discover, and JCB) in 2006 but which operates independently of these companies. PCI DSS provides the baseline technical and operational requirements which are designed to protect cardholder data. PCI DSS applies to all entities involved in payment card processing—including merchants, processors, acquirers, issuers, and service providers, as well as all other entities that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD). Depending upon the volume of transactions processed by organizations, either they are required to: Undergo evaluation by a QSA…

Read more

Top 3 critical security mistakes when configuring a Google Apps domain

When the wrong users can access sensitive files, one unhappy worker or spear phishing attack could lead to a breach. Also, lost or stolen phones become disastrous when the phone has access to critical data. Google Apps domain management offers granular controls for enterprise data security, but too many admins rely on default settings. Refining your domain configuration will help you prevent these three Google Apps security oversights. 1. Not Harnessing the Power of Organizational Units With organizational units, you can restrict Apps access and limit functions like mobile device access and remote Gmail access. Instead of creating organizations first and then assigning people, let user requirements dictate which organizations you create: Start with a master list. List each person’s name, job title, the Apps they must access based on job title and each person’s authority level. Group similar personnel into organizations. Create organizations in a way that makes sense…

Read more

Top 2 Threats Facing Organization’s Cloud / SaaS Data

It is not about protection from data loss or leaks from Google itself, it’s about the end user errors. If a user deletes or exposes a key file from Google Drive accidentally or on purpose, and there is no backup or cloud security to recover files, that could be a disaster for the reputation of the firm and irrecoverable loss of revenue.