fbpx
 

Blog

Blog

G7CR Technologies wins 2019 Microsoft Country Partner of Year Award for India

We are pleased, honored and humbled to accept the Microsoft Partner of the Year 2019 award and to join the past recipients, who we have long admired and competed with, in all earnestness.

 

The Microsoft Country Partner of the Year Awards honor partners at the country level who have demonstrated business excellence in delivering Microsoft solutions to multiple customers over the past year. This award recognizes G7CR Technologies as succeeding in effective engagement with its local Microsoft office while showcasing innovation and business impact, driving customer satisfaction, and winning new customers. Awards were presented in several categories, with winners chosen from a set of more than 2,900 entrants from 115 countries. G7CR Technologies was recognized for providing outstanding solutions and services, as well as representing excellent subsidiary engagement in India.

 

Speaking on the occasion, Gavriella Schuster, Corporate Vice President, One Commercial Partner, Microsoft Corp said: “We are honored to recognize G7CR Technologies of India as a Microsoft Country Partner of the Year. G7 CR Technologies has distinguished itself as an exemplary partner, demonstrating remarkable expertise and innovation to help customers achieve more.”

Dr. Christopher Richard, Founder and Managing Director, G7CR Technologies, said, “Our business focus is quite simple — creating value for our customers, partners, and employees. Receiving the Microsoft Country Partner of the Year Award is a significant acknowledgment of our value-driven services.”

We started G7CR Technologies with a single mission to add value to our customers. In this process, we have realized that with each step, we ourselves have gotten richer. Today when we are recognized by Microsoft as the 2019 Winner for The Country Partner of the year, our feeling is that of deep gratitude. We acknowledge and thank all our customers and Microsoft for giving us the opportunity to serve and partner with them. We would also like to thank each of our employees, without whom this milestone would not have been possible. This award tells us that we are on the right path and we shall continue our mission of adding value to our customers on each step of our interaction.

Cloud Security – Important security steps you need to implement

 

Cloud Security – Important security steps you need to implement

Once a wise man said, “Better Safe Than Sorry”

 

Get $3,000 worth of security assessment free



There are many instances where the vulnerabilities are exploited either due to the insufficient precautions taken by the companies or the superior expertise of the attackers.

In recent times, one of a major and well-known Indian food-service player came under such attack. We have kept the company name anonymous as this example is taken not to degrade the company but to simply understand and thereby learn from the simple mistakes which can very easily be prevented.

 

Lesson 01: Setup Backup

It is very obvious that when you are running operations at such a large scale, you always create the backup. But creating the backup on a different server was not so obvious, at least in this case. One of the major mistakes that this company committed was to back up the data in the same server. But once the server was breached, the data including the backup was doomed to be compromised. So, always create the backup of your data and create it in a place which is different from the original data.

Lesson 02: Setup Least Privilege Policies

Another vulnerability, in this case, was that access to most of its IT facilities was available online and on any device with internet access. This could have been one of the ways from where the attackers may have penetrated the system. It is always a good practice to restrict the access to on-premises company assets whenever possible and only to those employees who need to use the resources. Not putting all the data on the public domain is a wise decision. So, restrict the access of users on need basis and keep the data within the organization and restrict the public access as much as possible. It would be useful to use Privilege Identity Manager, Restrict Network access, Setup Location-based access policies to keep the vulnerabilities to the minimum.

 Lesson 03: Encrypt your data

A very important lesson which is very evident in this case is that the company never encrypted any of its data. If the data was encrypted, then even if it was captured by the unauthorized accounts, it would not have leaked the sensitive information. So, a very important lesson here is to keep your data encrypted. This should be done for both in transit as well as at rest. This will ensure that even in the case of a data breach, your data is not accessible to the attackers.

Lesson 04: Use a strong password and change them frequently

According to the recent Verizon Data Breach Investigations Report, over 70% of employees reuse passwords at work. The report finds a staggering “81% of hacking-related breaches leveraged either stolen and/or weak passwords.” It is very surprising to find the number of instances where the breach was caused due to not any sophisticated hacking technique, but with the help of simple guesswork. The Dropbox data breach resulting in 60 million user credentials being stolen started with an employee reusing a password at work – it’s that simple. Many hackers use a technique where they use many probable passwords and, in many cases, this technique works. A simple habit of choosing a strong password and changing it frequently goes a long way to save you from one of the most common vulnerabilities.

Lesson 05: Use Alerting and Monitoring systems

A constant monitoring of the surroundings of the business would be a robust way of protecting your organization from probable vulnerabilities. The organization should define the state of normalcy and setup alerting and monitoring systems in case of detection of any anomalies from the normal pattern. Web application firewall for Azure Application Gateway is one great example of such a robust system. Azure Application Gateway offers a web application firewall (WAF) that provides centralized protection of your web applications from common exploits and vulnerabilities. With this system in place, you can monitor attacks by using a real-time WAF log. The log is integrated with Azure Monitor to track WAF alerts and easily monitor trends. A WAF solution can react to a security threat faster by centrally patching a known vulnerability, instead of securing each individual web application. Existing application gateways can easily be converted into firewall-enabled application gateways.

We would like to mention one more not so famous, but very important example of cloud security of Code Spaces. Code Spaces is not a well-known company. Its hack didn’t affect millions of people. But It is interesting because it’s an example of a company put completely out of business by a single cloud security incident. The hacker compromised Code Spaces’ Amazon Web Services account and demanded a ransom. When the company declined, the hacker started destroying their resources until there was barely anything left.

We have identified the following 7 critical cloud security threats.

Data breach A data breach is a confirmed incident in which sensitive, confidential or otherwise protected data has been accessed and/or disclosed in an unauthorized fashion. The risk of a data breach is not unique to cloud computing, but it consistently ranks as a top concern for cloud customers. According to CSO Online, data breaches exposed 5 billion records in 2018.

DDoS attacks A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic.

Insider threats Insider threats to cloud security are also underestimated. Most employees are trustworthy, but a rogue cloud service employee has a lot of access that an outside cyber attacker would have to work much harder to acquire. A recent research report noted, “53% of organizations surveyed confirmed insider attacks against their organization.”

Insecure APIs Application Programming Interfaces are important software components for cloud services. In many cloud systems, APIs are the only facets outside of the trusted organizational boundary with a public IP address. Exploiting a cloud API gives cyber attackers considerable access to your cloud applications. This can be a major challenge.

Account hijacking Using stolen credentials, attackers may gain access to critical areas of cloud computing services, compromising the confidentiality, integrity, and availability of those services.

Spectre & Meltdown Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs.

Human error According to Jay Heiser, research vice president at Gartner, “Through 2020, 95% of cloud security failures will be the customer’s fault.” This then becomes the biggest chance of any vulnerability possible when it comes to security. So, once again the most important step that you can take to secure your cloud environment is to make sure that all the guidelines and procedures laid down by the different agencies and your cloud service provider are followed properly.

As we have seen, the cloud computing environment is very dynamic and so are the threats. The systems are evolving literally every day and better security measures are coming in place every day. In a way, the systems are getting secure with each passing day, but with it, the capabilities of the attackers are also getting stronger. With the evolving system, the attackers may also find better ways to breach into the system and so it becomes very essential to stay updated with the latest developments on the security front and keep monitoring your systems all the time. This may require a constantly evolving expertise and experience in monitoring, detecting and thereby eliminating any possible threats. We, at G7 CR Technologies, have a dedicated team that handles all these threats. A team that is up day and night, available 24×7, for 365 days in a year. A team that has relevant experience and expertise to keep you safe from any security threat. We have kept hundreds of customers safe from such threats over the years and we know what it takes to make such commitment and keep it. We provide a wide range of Security & Governance Services. We help our customer build secure hosting architecture and manage security systems end to end, keeping them updated and protected from potential vulnerabilities. So, if you are worried or unsure about your cloud security, feel free to reach out to us and we promise to make it secure.

How to Use Technology to Boost Your Business?

Resource, a key word for any SME or startup. Something which is in limited quantity but required manifold. How do you fight resource constraint and still ensure smooth, seamless, business process? The answer is technology.

Technology has the power to give more ROI than even the smartest investment plan. The reason: scalability. By investing in the right kind of technology, SMEs and startups can create value for themselves and for their clients.

Continue reading “How to Use Technology to Boost Your Business?”

What is Shadow IT & How to Protect Your Business From It?

Technology makes collaboration easy. When it comes to workplace, collaboration is required more than ever. We need to be on the same page with our colleagues, employees, clients, and vendors. The many collaboration apps in the marketplace makes this happen very easily. You have real-time notifications and documents on the cloud to skim through when you need them. But where does Shadow IT come in, in this scenario?

Continue reading “What is Shadow IT & How to Protect Your Business From It?”

Technology Funding – Business Apps for SMEs

Custom business apps are the need of the hour. We are currently dwelling in a world that is seeing a surge in the number of startups and SMEs. More and more businesses are coming up with innovative ideas and solutions to address service gaps that we find around us. These SMEs have visions and opportunities but often they don’t have the right technology in hand to make most of these opportunities.

Continue reading “Technology Funding – Business Apps for SMEs”

7 Points to Consider While Choosing the Best Cloud Service Provider for your Business

With multiple public cloud services providers competing in the space, choosing the best cloud service provider for your business is indeed a tough call.

Before moving on to the criteria on the basis of which the CSPs should be chosen, let us look at the key cloud service providers, in today’s market: they are Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP). Although there are many other players in the market, as well, but these three are currently ruling the CSP market.

Continue reading “7 Points to Consider While Choosing the Best Cloud Service Provider for your Business”

Making the Most of Cloud Computing: Managed Cloud Service Providers

If you are a small business, a startup, or even an SME, chances are that you have given cloud computing some thought. If you are one of those businesses that believe in staying ahead of the game, you might already be hosting on the cloud instead of using a physical datacenter.

Continue reading “Making the Most of Cloud Computing: Managed Cloud Service Providers”