[Column] Sandra Crous: Securing payroll data in the cloud

As with the majority of business software, HR and payroll solutions are increasingly available through the cloud as a pay-as-you-use model and are today, considered as mainstream as any other business application.

However, a fundamental issue for any user looking to move their HR and payroll systems to the cloud is the common, yet incorrect assumption that cloud solutions are somehow less secure than their on-premises counterparts.

There are several trends that are having an impact on payroll data security, says Sandra Crous, MD of PaySpace, a leader in cloud-based payroll and human capital management software. “As more and more solutions and goods go digital, the pace of change increases, and at the same time physical borders become blurred, as applications are accessed on mobile devices outside of the organisation, by those needing instant, anytime access.”

“We have seen a massive rise in the use of and delivery of online payslips, mobile self-service, the growing use of automation, and the consumption of payroll services via the cloud, due to their promise of high configurability, fast implementation and increased flexibility. However, on the downside, whenever you are dealing with data-sharing over the cloud as opposed to on-premise, the risk to data increases.”

Remember too, that as the use of tablets and smartphones to access business applications and systems remotely skyrockets, a company’s data might now be stored on a plethora of outside devices instead of within a single, on-premise network. In addition, this slew of devices are all attached to the Web, and many may not be pre-configured by the company with security in mind. Leaving security at the discretion of the employee is never advisable.

Without realising it, businesses are trading convenience for security. “Our reliance on cloud services has seen our dependency on third parties increase too and has obscured our view of the protocols and measures that are in place to guarantee data security. This can cause serious issues because once a company has signed up with a particular provider, they now have to deal with all the risks associated with compliance, legal, and of course integration with other systems.”

One way to ensure your data stays safe, says Crous, is to partner with the right cloud payroll vendor. “Ask them questions such, as to how they handle, and what they do with your data that they have access to. Also question them on their practices, to ensure they are legal and fully compliant with current regulation. Finally, when reading your SLA agreement, read the fine print too. Many unscrupulous businesses like to cloak how they might use your data in legalese that no one bothers to read properly.”

“A reliable vendor with a well-established brand will host your data in a secure environment,” she says. “Moreover, its solutions will also have an interface that is simple and accessible, as well as powerful mobile apps that enable your employees to work on the move. It will also be 100% transparent about data security and have this built-in from the ground up.”

She says PaySpace, for example, goes way beyond what most providers offer in terms of security. “We believe that security has to be considered at every level, from the internal user level, and application layer, to the facilities and network level, and in fact, are one of the few providers who are ISO 27001 certified.”

For the internal user, PaySpace’s security model is flexible, operating on a “need to know basis” and a “who you can see” basis, where the principle of least privilege is applied, users access is restricted  to selected screens or to  read-only access.”

At the application layer, PaySpace is powered by a single instance, multi-tenant architecture, in which all users and applications share a single, common infrastructure, but is logically and uniquely separated for each customer, with a TenantID in place to ensure that each user’s data is kept separate. “Moreover, all users have a unique email address and password, and all access to PaySpace as a whole is governed by the most stringent password security policies, and all passwords encrypted before they are stored within a database that is encrypted too.”

Crous says PaySpace also employs 128 bit encryption on every form within the system, the reports which are emailed to users are sent in a password protected zip file, and an audit trail exists at every stage for traceability purposes. “Finally, we use safe bank EFT transfer technology for financial account validations as well as communication with banks.”

At a facilities level, PaySpace stores its data at one of Africa’s most modern and state-of-the-art data centre facilities. “Our data is backed up every 15 mins to an offsite server, with a full back up happening every evening. In terms of access, public access is strictly prohibited, and the facility is monitored with live video surveillance 24/7/365.Physical access is controlled by access cards, with access to the facility restricted to Certified Technical Points of Contact. Biometric systems add a third layer of security, with fingerprint scanners used to restrict access and ensure only the appropriate individuals have access to the data centre.”

To ensure network security, PaySpace has proven security practices in place, a perimeter firewall that guards our network against malicious activity by scrutinising data entering or leaving the network. This protects us from DDoS and Zero-Day attacks, as well as malware and spoofing attacks, explains Crous. “We also have IPS in place to scan for any anomalous behaviours that might indicate an attacker is trying to infiltrate our network and block it immediately.”

Finally, she says PaySpace’s vulnerability scanning process protects its systems by pinpointing vulnerabilities that could be exploited by threat actors and reporting them immediately.

“Choosing the right provider means it is possible to harness all the benefits of the cloud without compromising security. Do your research, and make sure your cloud provider is adequately addressing all security risks.”

Sandra Crous is the Managing Director of cloud-based payroll and human capital management software, PaySpace.

[Column] Garsen Naidu: Scaling collaboration cloud service in the workplace

When it comes to scaling a cloud service (and more specifically) a collaboration cloud service – what must-haves comes to mind?

For me, it’s a vendor and service that has experience with millions of users, millions of calls and meetings, billions of messages, 99.999% reliability, and a whole lot of geek talk. These are crucial factors if you are choosing a collaboration cloud service for your business. But there are a few more facets you need to think about.

Enabling your teams and employees to make the best of any and every workspace in today’s ‘work-anywhere, work-anytime’ era is a big one and can be a competitive advantage. And this is why a collaboration experience that scales to different workspaces and devices is so important.

Collaboration is about of getting things done, together. It’s important to think about where the work gets done, what tools your teams use to get work done and how time, context, and continuity affect their work. The collaboration experience needs to transcend the physical workspaces we occupy, the gadgets and devices we use, and how work gets done over time. It’s enabling fluidity in form factors and workflows.

When your experience does not scale…
Here’s an all-too-common scenario: You’re sitting at your desk working on your laptop, getting ready to join a meeting. Three other people, sitting just a few feet away from you, also need to join the same meeting. So why not just go into a conference room? Easier said than done these days.

So now, you are all walking around the office, carrying your laptops, looking for an empty room or available space. While you all search the floor trying to decipher which rooms are reserved, you finally, settle on a huddle space, put your laptops next to each other and get the dreaded, “meeting join” echo.

And as with almost every meeting and collaboration situation, someone grabs a dry-erase pen and starts whiteboarding on a wall-board while another person provides audio commentary of what’s being written to the remote participants.

As you get closer to the end of the meeting, someone else gets the bright idea to point one of the laptop cameras at the board itself and then someone says, “Let’s take a picture of this board and email or post it in shared space.”

Why do we do this to ourselves?
Of course, you have ways to get around these; you can set up a “stitched together” video conferencing room – with iPads, USB-connected cams, and stuff from seven different vendors. You can have someone send help, spend an entire day stitching it together and then leave sticky notes and printouts on the wall with instructions. This is what you get when you don’t have a solution that can scale your workspaces and the way we meet today.

Now, imagine what it’s like when your collaboration cloud experience scales…
Actually, you don’t have to imagine what it’s like – it’s already possible with Webex. In fact, many of our customers have already started the workplace transformation journey with Webex and are seeing the benefits of cloud collaboration that actually scales. A poll conducted on Businesstech and Wystalk revealed that 14% of South African employees’ organisations use collaboration tools like a channel of communication.

Imagine a collaboration cloud service that scales

On a PC, iPad, or mobile device, simply click the green Webex “Join” button to start a live meeting. You realise four other colleagues sitting in the same area need to join, too, so you all simply move over to an adjacent huddle space.

In the room, the Webex video device, which supports video, audio and screen share, immediately recognises everyone in the meeting. The meeting is connected and displayed on the 55-inch screen with a single swipe of a finger. No dongles, no cables, no echo, and (even better) no one else needs to click anything. Everyone is automatically in the meeting, with laptops connected, ready to collaborate.

What if one of your colleagues needs to take the rest of the meeting in her car? Easy. She just swipes the meeting back to her mobile phone (with no disruption to anyone else) and walks to her car. Once inside and the engine has started, her Webex meeting automatically shifts into “driving mode” like any phone call.

And what’s a brainstorming meeting without some whiteboarding?

Simply walk to the Webex Board in the room and start ideating with everyone in the meeting – including remote participants. At the end of the meeting, you now have a digital copy of the whiteboarding session saved to the cloud, which you can later access on your phone or PC to resume where you left off – from any meeting space or even a different city altogether.

And, yes, the person who took the meeting from her car also has the whiteboard available by the time she logs back on as well. Webex provides a truly connected experience for everyone in the room and gives remote people easy instant access to the same material.

Scaling the experience means making the most of the workspace – including the screens and phones – to effectively participate, collaborate, and contribute with zero disruption, wherever you are and wherever you are going; being able to pick where you left off and always in the most natural way.

Garsen Naidu is the General Manager of Cisco South Africa

[Kenya] Internet Solutions partners with icolo.io to enhance its Data Centre Services Offering

Converged ICT Services Provider Internet Solutions has signed a partnership with IT infrastructure company, icolo.io, to boost its data centre and cloud services offering to their clients.

The partnership will see Internet Solutions provide colocation and cloud services within iColo’s Nairobi and Mombasa data centres in addition to its existing Nairobi Chancery facility. iColo.io designs builds and operates state of the art carrier-neutral data centers to serve a broad spectrum of clients.

Speaking during the signing, Internet Solutions’ Executive Head of Cloud and Business Consulting Richard Muthua said in this era of a data driven economy, it is important that businesses keep their data safe, secure and readily available when needed.

“It is with this knowledge that Internet Solutions continues to provide, amongst other solutions, data management and colocation through our network of data centers across Africa and globally. With this agreement, our clients stand to benefit from a fully managed colocation service, in a vendor agnostic, Tier 3 / PCI DSS/ISO 27001 certified data centre, leading to enhanced operational resiliency” he said. 

Muthua noted that Internet Solutions will also provide the option of fortifying client’s environment with the firm’s world class monitoring as a service that include Security monitoring and incident response, managed security services, Voice, Cloud PBX, managed data backup solutions, Business continuity and disaster recovery services, private, Hybrid and public cloud solutions.

Commenting on the partnership, iColo.io Chief Executive Officer Ranjith Cherickel said: “We are proud to be IS’s infrastructure partner in building world class connectivity products to serve enterprise consumers in Kenya. Our role is to provide services to a variety of new and existing customers.  In addition, we help create an environment for IS to interact with content delivery networks, enterprise customers and global connectivity partners. This agreement between IS and iColo.io is a step further, in providing a world class client-centric enterprise experience.”

With Internet Solutions and iColo working together, clients can now benefit from lower costs and improved resilience by securely housing their information systems and networking equipment in the facilities which are operated to global best practices by the two organisations.

www.is.co.ke

www.icolo.io

[Column] Kurt Goodall: Extending security to the cloud

Business leaders now have a choice whether they want to continue using their trusted firewall or move to a next-generation firewall delivered by appliances or as cloud services to protect the outer perimeter security in branch offices.

Troye technical director Kurt Goodall says Citrix offers various choices, from the long-established multi-site to the advanced multi-layered approach, both of which can protect users and data at the branches, data centre, and clouds from multi-vector cyber threats.

“Citrix SD-WAN Integrated Firewall complements your trusted firewall investment and strengthens overall security infrastructure. Citrix provides an integrated perimeter firewall that masks users and infrastructure from cyber surveillance,” he explains.

This integrated firewall has global policy control, supports zone-based policies so that you can implement granular micro-segmentation of traffic and enforce uniform policy consistently. Citrix SD-WAN can also intelligently track the fast-changing open ports from SaaS and IaaS apps as trusted traffic and directly breakout the traffic to the internet, enhancing application performance.

It marks all other traffic, such as web browsing, as untrusted and forwards it to the full security stack, typically located at the HQ or a private data centre. Citrix SD-WAN also takes extra precautions by encrypting all branch-to-branch egress traffic, even when it is transported over a private MPLS line

Goodall says Citrix SD-WAN automates connectivity to cloud security. “With most enterprises embarking on some form of cloud transformation, Citrix recommends extending perimeter security to the cloud, where apps and workloads reside.”

Citrix has partnered with industry leaders like Palo Alto Networks, Zscaler, and Symantec to deliver joint solutions that enable our SD-WAN to be a transparent gateway for Secure Web Gateway (SWG) service. Cloud-based SWG is a popular option for branch offices due to its simple and yet effective multi-layer protection.

Citrix SD-WAN management platform is the key component in this joint solution, providing on-boarding automation and a direct subscription link to Palo Alto Global Protect (aka Prisma) and Zscaler Secure Internet Gateway services. Through API automation, Citrix SD-WAN also secures the connectivity (via IPsec) from the branch to the Palo Alto, Zscaler and Symantec clouds.

The benefits of automation become more significant as more branch sites are involved, directly translating into time savings and reduction in configuration errors. Last but not least, Citrix provides this automated on-boarding capability free of charge.

In addition, cloud-based security also enables a new service-consumption model. It provides an option to shift to opex spending, which can be easily aligned with your business growth. There is no need to deploy security appliances at every branch. It also removes the need to build an in-house resource to manage the security infrastructure.

Kurt Goodall is the technical director at Troye Technical Solutions in South Africa.

[South Africa] Telkom forces customers to move to the cloud

Telkom is shutting down its ADSL copper network and is ultimately forcing its business customers to move to the cloud. This is part of Telkom’s strategy to migrate customers to a more stable network and similarly-priced products.

Local cloud telecom provider Euphoria Telecom is elated by this announcement but warns customers to take action before the final shutdown as it could leave them without any connection. It believes switching off the copper network will only benefit customers because of the enormous benefits and cost savings associated with cloud.

Unlike traditional business telephone systems that are pure capital expense (Capex), cloud-based systems are 100% tax deductible as an operational expense (Opex). More importantly, with cloud one only pays for what is required at any point in time.

Euphoria Telecom CEO John Woollam says business owners need to realise that traditional telephone systems are costly and inefficient. “With our cloud solution there are no contracts and customers can save up to 50% on their calls. And the system is easy-to-use with more than 200 powerful features including cutting-edge functionality and data rich reporting.”

Modern cloud telephone systems like Euphoria’s offering require no hardware and therefore no onsite support. This means there is no hardware to upgrade in order to take advantage of new features and technologies. Upgrades are provided seamlessly through software changes that happen automatically in the background.

Telephone costs represent one of the largest operational expenses for most businesses, but business owners have a very informal approach to this overhead. In order to optimise this expenditure, management should have the ability to quickly and effectively see cost reporting across the organisation.

Woollam says most companies are still unaware of their operational inefficiencies and this could mean the end for many businesses in today’s tight economy. “Without accurate information, it is nearly impossible for any business to address these inefficiencies and more importantly, to manage expenses.”

“The new version 3 of our Telephone Management System (TMS) is capable of significantly improving business efficiency with its workforce management capabilities. The system empowers businesses to control, manage, automate, personalise and analyse every aspect of a company’s phone system from one central point,” he explains.

Unlike the traditional phone systems that have limited functionality, Euphoria’s innovative cloud-based system offers multi-office coverage with remote extensions and mobile phone integration.

Euphoria provides all the communication features needed to keep business moving forward, from start-ups right through to established multi-franchise operations.

www.telkom.co.za

[South Africa] Troye announces new version of Veeam Backup for Microsoft Office 365

Managed IT services provider Troye has announced new backup solutions for Microsoft Cloud Platforms. These new Veeam solutions provide Microsoft users with additional data protection, scalability, and enhanced control of their cloud-based data.

Veeam, the leader in backup solutions that deliver Cloud Data Management, recently unveiled its NEW version of Veeam Backup for Microsoft Office 365 and previewed cloud-native Veeam Backup for Microsoft Azure with industry-first cloud cost estimator at Microsoft Ignite 2019.

The company also gave a sneak peek of a NEW cloud-native data protection solution for Microsoft Azure workloads, Veeam Backup for Microsoft Azure.

Troye technical director Kurt Goodall says the NEW Veeam Backup for Microsoft Office 365 v4 offers direct integration with Microsoft’s Azure Blob Storage. “With Office 365, Microsoft is responsible for the uptime of the Office 365 infrastructure, but backup and management of the data is the customer’s responsibility.”

“Companies that want to keep their Office 365 data in Azure, it gives them a cost-effective, scalable and secure solution to do so. This latest release also adds additional performance improvements for backing up Microsoft SharePoint and OneDrive for Business,” he explains.

Ease-of-use is built into the new Veeam Backup for Microsoft Azure with turn-key deployment via the Microsoft Azure Marketplace, while powerful recovery capabilities are also delivered with features like file-level recovery for native snapshots and Veeam backups.

An industry-first built-in cloud cost estimator tool will provide customers with greater cost controls and savings while integration with Veeam Backup & Replication will allow customers to take control of their cloud data by protecting and managing Azure backups alongside their cloud, virtual and physical data.

“With 114% year-over-year growth, Veeam Backup for Microsoft Office 365 continues to be the fastest growing product in Veeam’s history,” said Ratmir Timashev, Co-Founder and Executive Vice President of Sales & Marketing at Veeam.

“Just as in the on-premises days with customers backing up and protecting their data, the need persists with SaaS solutions to backup and protect this same critical information. Veeam Backup for Office 365 delivers on this need and with the rapid rise in adoption for Azure we’re seeing across our customer base, Veeam is excited to build from our work with Microsoft and deliver a native backup solution developed specifically for Azure-based workloads,” he adds.

NEW Veeam Backup for Microsoft Office 365 v4 enables IT decision makers from cloud-first companies who prefer to store their Office 365 backups in Azure a cloud-optimised solution leveraging cost-efficient Azure Blob Storage for doing so.

“As cloud storage becomes increasingly popular as a data backup strategy, Veeam’s support for Azure Blob Storage enables organisations to eliminate the need for on-premises storage, enabling faster RTOs, improving availability, reducing costs and accelerating our customer’s journey to the cloud,” said Tad Brockway, corporate vice president for Azure, Storage, Media and Edge, Microsoft Corp.

Significant benefits of the new version include the ability for customers to reduce costs with object storage and only pay for what is consumed; leverage unlimited scalability with unlimited storage capacity; and simplify deployment in the public cloud and no complex planning.

IDC Research Manager Archana Venkatraman says cloud is seen as the engine for business growth and innovation, and cloud spending across IaaS, SaaS and PaaS continues to grow at a fast rate. “As cloud applications such as Microsoft Office 365 become the centre of business productivity, excluding them from enterprise backup strategy is risky because the customer has the ultimate and exclusive responsibility for all business data wherever they reside.”

“Savvy enterprises are beginning to understand the risks of data loss in cloud applications due to ransomware or internal threats such as accidental deletions and identify SaaS data protection as a key priority. They are evaluating cloud-native backup solutions to protect and manage the data sprawl in their new cloud environments,” he concludes.

www.troye.co.za

Gemalto and Eseye launch World’s first IoT ‘device-to-cloud’ solution

Gemalto and Eseye have launched the world’s first IoT ‘device-to-cloud’ solution to simplify the process of onboarding an IoT device into AWS IoT Core securely

To realise the benefits of IoT, organisations need to navigate an enormously complex ecosystem and a fragmented value chain. With many development hurdles to cross, typically it can take an average of two years to launch a new IoT solution, while many projects are paralysed by complexity and even struggle to make it to market.

With the new Intelligent Cloud Connect solution, Eseye and Gemalto are fundamentally disrupting the IoT ecosystem with a collaborative IoT Connectivity Platform, which cuts through the complexity of IoT and enables new product development timelines to be reduced from 2 years to less than six months.

The foundation of this first solution developed in partnership is Gemalto’s ground-breaking Cinterion® PLS62-W Global IoT Module which comes pre-installed with Eseye’s market leading intelligent AnyNet Secure® SIM, also provided by Gemalto. Each AnyNet Secure® SIM comes pre-programmed to leverage Eseye’s unique network switching as a service platform, delivering near 100% global cellular connectivity. As each Intelligent Cloud Connect device is powered-on a dedicated embedded application automatically and securely connects directly to AWS IoT Core, delivering ‘plug and play’ global IoT connectivity.

Anand Gandhi, VP of Worldwide Channels & Alliances at Eseye, said “This partnership will change the way IoT devices are developed and deployed in the future. Intelligent Cloud Connect vastly reduces the complexities of creating an IoT device and then directly connecting it to the cloud, saving customers significant resources and time, whilst giving them a distinct competitive advantage. “

Andreas Haegele, VP IoT at Gemalto, a Thales company, notes “Our customers can now follow a quick and easy process to deliver IoT data securely to the cloud with confidence. It paves the way for massive innovation and marks a watershed moment for the IoT industry, which can now accelerate the deployment of secure IoT solutions at previously unachievable speeds.”

Intelligent Cloud Connect allows customers to develop a single IoT product SKU for any application that connects out-of-the-box on power-up to any mobile network in the world, while offering seamless and secure data provisioning to the AWS IoT Core. This means it is now possible to have an IoT device automatically activated and fully connected to AWS in less than 10 minutes.

The platform handles zero-touch IoT security certification with AWS IoT Core, as well as lifecycle device management, allowing customers to manage global device estates through a single pane of glass. With this solution the complexity of balancing bandwidth, data plans and negotiating multiple Mobile Network Operator (MNO) contracts is completely removed, providing customers with only one single bill for consumed MQTT messages, which can be conveniently purchased via the AWS marketplace.

www.eseye.com

www.gemalto.com