1
00:00:00,000 --> 00:00:05,000
Definitely going to be fall.

2
00:00:05,000 --> 00:00:11,840
I love the briskness of our region and everything like that.

3
00:00:11,840 --> 00:00:19,360
And then just being able to put on a light coat to stay warm, you're not sweating, I

4
00:00:19,360 --> 00:00:23,360
absolutely hate Florida weather because it's hot and humid and there's nothing you can

5
00:00:23,360 --> 00:00:24,520
do about it.

6
00:00:24,520 --> 00:00:33,040
I like the dry heat down in places like Utah, Arizona, but when it's 120 degrees it's just

7
00:00:33,040 --> 00:00:34,040
brutal.

8
00:00:34,040 --> 00:00:42,760
So the nice crispness came back recently from a vacation in fall from Florida and you step

9
00:00:42,760 --> 00:00:49,560
off the jetway from the plane and you just get that big blast of cold crisp air.

10
00:00:49,560 --> 00:00:54,840
That's the thing I really enjoy the most is the cool crisp air.

11
00:00:54,840 --> 00:01:01,520
So you're true to Minnesota where you're saying it's not about the heat, it's about the humidity.

12
00:01:01,520 --> 00:01:03,360
That's what makes the difference.

13
00:01:03,360 --> 00:01:04,360
Yeah.

14
00:01:04,360 --> 00:01:05,360
Nice.

15
00:01:05,360 --> 00:01:07,640
Well, Kelsey, what's your favorite season?

16
00:01:07,640 --> 00:01:12,840
I know, I'm going to say, I'm going to totally piggyback on Nate that even if it's not a

17
00:01:12,840 --> 00:01:18,880
season, that like one or two days that we get of like 70 to 75 where the humidity is not

18
00:01:18,880 --> 00:01:23,720
there, the wind's not super high that you can go outside and you're like, yeah, I can

19
00:01:23,720 --> 00:01:28,720
wear a sweater and it's enjoyable to be outside and the bugs haven't hatched yet.

20
00:01:28,720 --> 00:01:31,400
That's definitely the ideal weather day 100%.

21
00:01:31,400 --> 00:01:32,400
Yeah.

22
00:01:32,400 --> 00:01:33,400
Yeah.

23
00:01:33,400 --> 00:01:34,400
And Jake?

24
00:01:34,400 --> 00:01:37,400
I got to say, fall as well.

25
00:01:37,400 --> 00:01:39,640
Are we all going to say fall?

26
00:01:39,640 --> 00:01:44,040
Just campfire weather and yeah, I open in the windows at night and everything's nice and

27
00:01:44,040 --> 00:01:45,720
cool in the morning.

28
00:01:45,720 --> 00:01:46,840
Nothing beats that.

29
00:01:46,840 --> 00:01:51,720
So if you find a spot where we get fall year around, tell me or don't tell me if you don't

30
00:01:51,720 --> 00:01:52,720
want me to leave.

31
00:01:52,720 --> 00:01:56,000
But I think I might run there if you can find it.

32
00:01:56,000 --> 00:02:00,120
I think Jake and I are going to have to go dirt biking and have a campfire this fall.

33
00:02:00,120 --> 00:02:05,960
So find a weekend, Nate, sign me up anytime.

34
00:02:05,960 --> 00:02:06,960
Perfect.

35
00:02:06,960 --> 00:02:11,440
I was going to say like fall as well.

36
00:02:11,440 --> 00:02:12,840
I mean, we're all saying fall.

37
00:02:12,840 --> 00:02:16,800
I love the change in colors, like the cool weather.

38
00:02:16,800 --> 00:02:17,800
It's just perfect.

39
00:02:17,800 --> 00:02:18,800
Yeah.

40
00:02:18,800 --> 00:02:22,360
We're all up here in the Midwest loving it.

41
00:02:22,360 --> 00:02:27,040
But if you're listening on YouTube, we'd love for you to comment below what your favorite

42
00:02:27,040 --> 00:02:29,680
season is, what your favorite weather is.

43
00:02:29,680 --> 00:02:35,520
And today on our Tech for Business podcast, we're talking about the clouds, not that kind

44
00:02:35,520 --> 00:02:36,520
of cloud.

45
00:02:36,520 --> 00:02:39,160
We're talking about network and cloud security.

46
00:02:39,160 --> 00:02:45,160
We're joined by Nate, our director of cybersecurity and Jake, our assistant director of services.

47
00:02:45,160 --> 00:02:49,160
And I'll kind of throw it out to them.

48
00:02:49,160 --> 00:02:54,600
Why is the cloud security, why is the cloud security important for businesses?

49
00:02:54,600 --> 00:02:59,040
Yeah, I'd say it's a very important topic to cover now.

50
00:02:59,040 --> 00:03:03,080
We're seeing an unbelievable amount of customers move to the cloud away from that local infrastructure.

51
00:03:03,080 --> 00:03:05,360
It's the first place they want to go.

52
00:03:05,360 --> 00:03:10,960
A few customers want to remain on premise for some things, but I would say 95 to 100%

53
00:03:10,960 --> 00:03:15,800
of our customers are able to move a segment of their infrastructure to the cloud, right?

54
00:03:15,800 --> 00:03:19,000
So it's important for us to talk about security and make sure that we're provisioning them

55
00:03:19,000 --> 00:03:21,520
in a secure environment as they move forward.

56
00:03:21,520 --> 00:03:25,560
So they have a good foundation for their systems as they move there.

57
00:03:25,560 --> 00:03:26,560
Yeah.

58
00:03:26,560 --> 00:03:30,680
I think I'm going to, before I jump all the way down into the security and everything

59
00:03:30,680 --> 00:03:34,840
is maybe quick reiterating what the cloud is.

60
00:03:34,840 --> 00:03:35,840
Yes.

61
00:03:35,840 --> 00:03:36,840
Thank you.

62
00:03:36,840 --> 00:03:41,840
Yeah, there's a lot of people where it's so common these days that we just say the cloud,

63
00:03:41,840 --> 00:03:43,960
people know what that means.

64
00:03:43,960 --> 00:03:48,200
It is not floating up in the sky, right?

65
00:03:48,200 --> 00:03:52,360
Ariel already stopped me from calling out all the different types of actual meteorological

66
00:03:52,360 --> 00:03:55,160
clouds because I was doing that before we recorded.

67
00:03:55,160 --> 00:04:03,880
But no, it's rather than running a server in your building or data center or something,

68
00:04:03,880 --> 00:04:14,000
you're leasing or running a system or computing from another provider, right?

69
00:04:14,000 --> 00:04:17,800
So there's a lot of different ways that you could go about this, right?

70
00:04:17,800 --> 00:04:22,760
As the cloud could just be running at a vendor's data center, right?

71
00:04:22,760 --> 00:04:24,120
It's still in a data center.

72
00:04:24,120 --> 00:04:29,400
It's just not your data center all the way to, they're running the actual computers, you're

73
00:04:29,400 --> 00:04:35,120
running the programs on top of it and then all the way to a software as a service, which

74
00:04:35,120 --> 00:04:40,960
is they run all of the applications, the hardware, you just go to a website to be able to access

75
00:04:40,960 --> 00:04:41,960
it.

76
00:04:41,960 --> 00:04:45,600
So, you know, things like Office 365, right?

77
00:04:45,600 --> 00:04:47,580
That's a software as a service.

78
00:04:47,580 --> 00:04:54,080
It's running in the cloud, which means Microsoft's data centers, we just access it from a website.

79
00:04:54,080 --> 00:04:55,080
So.

80
00:04:55,080 --> 00:05:02,800
Otherwise, yeah, Jake, I guess maybe, do you want to maybe talk a little bit about why are

81
00:05:02,800 --> 00:05:04,560
so many people moving to the cloud?

82
00:05:04,560 --> 00:05:07,640
You know, what, you help lead our entire cloud team.

83
00:05:07,640 --> 00:05:11,880
So, you know, what's the main motivators for customers for you?

84
00:05:11,880 --> 00:05:14,360
There's various motivators.

85
00:05:14,360 --> 00:05:19,720
One of the primary ones of the last couple of years is moving to a cloud-based solution

86
00:05:19,720 --> 00:05:24,120
for the remote workforce to have easier capability of utilizing their applications.

87
00:05:24,120 --> 00:05:29,080
You know, we at CIT have taken, you know, leaps to get into that environment, which allows

88
00:05:29,080 --> 00:05:34,840
our workforce to be able to be able to use all the applications and utilities that they

89
00:05:34,840 --> 00:05:37,560
used to have to be in the office for a connect over a VPN.

90
00:05:37,560 --> 00:05:44,760
Now we've allowed that to be accessed easy, but also in a secure manner.

91
00:05:44,760 --> 00:05:49,880
Other motivators moving to the cloud, I'd say, is, you know, aging hardware, aging operating

92
00:05:49,880 --> 00:05:51,280
systems.

93
00:05:51,280 --> 00:05:55,560
Companies wanting to move to more of an operational expense and get away from that capital expense

94
00:05:55,560 --> 00:06:00,760
of purchasing a server, migrating the services to it, and letting it sit there for another

95
00:06:00,760 --> 00:06:02,320
five years and then maintaining that.

96
00:06:02,320 --> 00:06:07,000
A lot of that overhead and backend maintenance that they're used to doing with a traditional

97
00:06:07,000 --> 00:06:11,760
server, some of that gets alleviated by moving to like an Azure-based system, right?

98
00:06:11,760 --> 00:06:16,600
Or even a software as a service-based solution like Microsoft 365 email.

99
00:06:16,600 --> 00:06:20,280
Now we don't have to patch an exchange server and do things like that.

100
00:06:20,280 --> 00:06:25,040
And have an engineer spend a weekend running a cumulative update on a server.

101
00:06:25,040 --> 00:06:26,880
Those days are gone for those technologies.

102
00:06:26,880 --> 00:06:33,400
So say those are kind of the two big points for moving to the cloud that I'm seeing.

103
00:06:33,400 --> 00:06:34,400
Awesome.

104
00:06:34,400 --> 00:06:35,400
Yeah.

105
00:06:35,400 --> 00:06:42,200
The OPEX versus CAPEX is a big component there, you know, and that's even bleeding

106
00:06:42,200 --> 00:06:44,560
over into security solutions these days.

107
00:06:44,560 --> 00:06:50,240
So for example, in the past, your security appliance that used to sit there and monitor

108
00:06:50,240 --> 00:06:55,920
the network, you know, you'd pay the big beefy log storage device, you have it all sitting

109
00:06:55,920 --> 00:06:59,880
there and, you know, like Jake said, every five years, potentially you're sitting there

110
00:06:59,880 --> 00:07:03,800
replacing it with another server for that log retention.

111
00:07:03,800 --> 00:07:11,240
Now a lot of this is hosted in the vendors data center or data lake.

112
00:07:11,240 --> 00:07:16,800
And then from there, you pay it more of a per-monthly basis for access, you know, and

113
00:07:16,800 --> 00:07:22,360
so depending on how many users you have, they predict how many logs it'll generate.

114
00:07:22,360 --> 00:07:24,680
And then that's what helps determine the price.

115
00:07:24,680 --> 00:07:29,320
So even security now is becoming very predictable in pricing.

116
00:07:29,320 --> 00:07:36,080
So, you know, as an organization, you're projecting, let's say, five to 10% growth.

117
00:07:36,080 --> 00:07:39,840
You just know that your security costs and everything else are also going to grow by

118
00:07:39,840 --> 00:07:41,440
five or 10%.

119
00:07:41,440 --> 00:07:46,480
So, speaking of that growth, right, along with cloud com scalability, right, we can

120
00:07:46,480 --> 00:07:50,360
provision additional resources without having to purchase additional servers, right, to

121
00:07:50,360 --> 00:07:51,360
do that.

122
00:07:51,360 --> 00:07:56,240
We can spin up multiple user accounts, virtual servers, things like that as we need it.

123
00:07:56,240 --> 00:07:58,200
And then we can, of course, scale that back too.

124
00:07:58,200 --> 00:08:02,960
So we have tax clients, right, or who are running taxes and they get very busy for a

125
00:08:02,960 --> 00:08:04,840
certain period of time.

126
00:08:04,840 --> 00:08:09,480
We can give them larger, higher-resourced virtual machines that they can run for that

127
00:08:09,480 --> 00:08:10,480
period of time.

128
00:08:10,480 --> 00:08:13,880
And then in their off-season, we can bring those down a little bit and save on the cost

129
00:08:13,880 --> 00:08:14,880
with that.

130
00:08:14,880 --> 00:08:19,080
So lots of flexibility with those types of resources.

131
00:08:19,080 --> 00:08:23,120
I think that's a great call-out that you can go backwards to, right, and start reducing

132
00:08:23,120 --> 00:08:27,760
that cost, you know, as long as the value still is there.

133
00:08:27,760 --> 00:08:34,360
So, one of the things that I wanted to talk a little bit about this is, you know, Jake

134
00:08:34,360 --> 00:08:40,160
did a lot of talking about, you know, as the remote workforce is starting to go, sorry,

135
00:08:40,160 --> 00:08:45,040
now that they're remote, you know, we have more connections coming into the network.

136
00:08:45,040 --> 00:08:50,360
So bringing it all the way back, and, you know, there's a whole podcast that I go deep,

137
00:08:50,360 --> 00:08:52,120
deep, deep into Zero Trust.

138
00:08:52,120 --> 00:08:53,400
What's a few other individuals.

139
00:08:53,400 --> 00:08:55,640
I promise I won't bore you here with that.

140
00:08:55,640 --> 00:09:02,840
But in the past, organizations had a castle mentality, right, as you had the walls of

141
00:09:02,840 --> 00:09:04,040
the building.

142
00:09:04,040 --> 00:09:06,720
That was the perimeter.

143
00:09:06,720 --> 00:09:13,800
As you're adopting more and more cloud technologies, that perimeter really starts to become a little

144
00:09:13,800 --> 00:09:19,200
bit of a quasi-grey area, right, as, you know, where is our edge now?

145
00:09:19,200 --> 00:09:26,480
And so, you know, no longer is it just, we have the walls, there's a mainframe sitting

146
00:09:26,480 --> 00:09:28,240
in the server room.

147
00:09:28,240 --> 00:09:32,280
You have to physically walk up to it, put it in, you know, type in your info.

148
00:09:32,280 --> 00:09:37,480
Now, you know, we've introduced VPNs, all that kind of stuff.

149
00:09:37,480 --> 00:09:39,240
Now we have cloud solutions.

150
00:09:39,240 --> 00:09:47,320
So now what we're starting to see in the cloud environment is that the physical walls of

151
00:09:47,320 --> 00:09:53,960
the organization, or maybe, you know, the physical walls in the VPN tunnel, is no longer your

152
00:09:53,960 --> 00:09:56,120
perimeter anymore.

153
00:09:56,120 --> 00:10:01,320
Now it's the access to those resources is the new perimeter.

154
00:10:01,320 --> 00:10:07,840
So there's a whole, I don't remember if I did a podcast on it, maybe it's coming up,

155
00:10:07,840 --> 00:10:10,360
about identity and access management.

156
00:10:10,360 --> 00:10:17,480
So identity and access management is a whole component about not just trusting that, you

157
00:10:17,480 --> 00:10:24,080
know, the user, but, you know, the multi-factor, the behaviors that are happening, tying all

158
00:10:24,080 --> 00:10:30,320
that in together, and then making sure that everything checks out before you grant access

159
00:10:30,320 --> 00:10:34,040
to, you know, one of these applications.

160
00:10:34,040 --> 00:10:41,680
And so now to scale that to, you know, 50, 70, you know, 200 different applications that

161
00:10:41,680 --> 00:10:47,000
you have within your environment, we can quickly see potentially where this complexity starts

162
00:10:47,000 --> 00:10:50,000
to come.

163
00:10:50,000 --> 00:10:54,240
I'll probably take a little pause there because I can keep going.

164
00:10:54,240 --> 00:10:58,880
But as you can start to see is it was very, very simple before with those, the physical

165
00:10:58,880 --> 00:11:07,360
walls now are becoming so deeply interconnected with how data is flowing, how, you know, we're

166
00:11:07,360 --> 00:11:09,080
logging into everything.

167
00:11:09,080 --> 00:11:13,960
It's becoming more of a web rather than just a castle.

168
00:11:13,960 --> 00:11:15,960
So yeah.

169
00:11:15,960 --> 00:11:21,040
I think we can speak to some of the networking security features that we should be implementing

170
00:11:21,040 --> 00:11:22,760
when we're moving to a cloud-based solution.

171
00:11:22,760 --> 00:11:28,120
You know, some of the listeners that have the conventional background of managing your

172
00:11:28,120 --> 00:11:31,680
environment and your network and having a firewall sitting there to protect you from

173
00:11:31,680 --> 00:11:33,120
the outside world.

174
00:11:33,120 --> 00:11:35,240
What does that look like if you were to move to Azure today?

175
00:11:35,240 --> 00:11:38,560
What kind of things do we have to keep in mind when we start talking about that type

176
00:11:38,560 --> 00:11:40,760
of a migration?

177
00:11:40,760 --> 00:11:44,240
So in a lot of ways, some of the, I lost my light here.

178
00:11:44,240 --> 00:11:46,040
Sorry about that.

179
00:11:46,040 --> 00:11:52,160
In a lot of ways, the networking security inside of Azure has some similarities with an on-premise

180
00:11:52,160 --> 00:11:53,720
environment, right?

181
00:11:53,720 --> 00:11:55,040
We're spinning up resources.

182
00:11:55,040 --> 00:11:57,520
They have an internet connection out.

183
00:11:57,520 --> 00:12:02,800
We also have to sometimes allow internet connections into these servers for various servers that

184
00:12:02,800 --> 00:12:06,440
we may be running off of it, you know, web-based servers and things like that.

185
00:12:06,440 --> 00:12:11,960
So there's means of doing, you know, web application firewalls to sit in front of these resources.

186
00:12:11,960 --> 00:12:15,120
And Nate, maybe you'll speak to that a little bit later on.

187
00:12:15,120 --> 00:12:20,240
But there's things that we can do in limiting inbound port access to our servers that we

188
00:12:20,240 --> 00:12:26,800
have running inside of Azure, making sure we don't have our 443 ports opened up just

189
00:12:26,800 --> 00:12:29,520
to anybody in the world because we're testing something.

190
00:12:29,520 --> 00:12:30,520
We made it work, right?

191
00:12:30,520 --> 00:12:33,320
We have to shut those things down and make sure we're not leaving those holes open to

192
00:12:33,320 --> 00:12:38,640
our resources and things that we need to check as we manage these resources moving forward

193
00:12:38,640 --> 00:12:42,720
and just do just constant security checks on those resources and making sure they're

194
00:12:42,720 --> 00:12:44,000
secure.

195
00:12:44,000 --> 00:12:49,600
When it goes to accessing those resources, a lot of times we're doing that from an office

196
00:12:49,600 --> 00:12:50,840
that you may still have, right?

197
00:12:50,840 --> 00:12:54,680
You may still have users that are coming in and still working at your office location.

198
00:12:54,680 --> 00:12:58,360
And they want to access those resources, but we want to make it as easy as we can for them

199
00:12:58,360 --> 00:12:59,840
to do those things, right?

200
00:12:59,840 --> 00:13:05,520
So we can still implement our traditional VPN solutions to connect your on-premises networks

201
00:13:05,520 --> 00:13:10,680
to your cloud networks and allow that seamless, accessible service for your end users, but

202
00:13:10,680 --> 00:13:15,520
still keep those resources isolated from the outside world so that they can't be accessible

203
00:13:15,520 --> 00:13:18,720
from people outside of your organization.

204
00:13:18,720 --> 00:13:23,240
Another way of accessing resources within Azure is via just a direct point-to-site VPN

205
00:13:23,240 --> 00:13:24,240
client, right?

206
00:13:24,240 --> 00:13:26,320
So maybe we don't want them to be in the office.

207
00:13:26,320 --> 00:13:29,880
They want to work from home and still access the server.

208
00:13:29,880 --> 00:13:32,960
Particular customer in mind today, they don't want to open up a web server to the internet

209
00:13:32,960 --> 00:13:33,960
for various reasons.

210
00:13:33,960 --> 00:13:38,720
They're not able to put secure logins to this web application just because it's not that

211
00:13:38,720 --> 00:13:42,920
technologically advanced to support that with multi-factor authentication.

212
00:13:42,920 --> 00:13:48,880
Or doing this for this particular client is we're keeping that 4.4.3 web access restricted

213
00:13:48,880 --> 00:13:53,680
to your internal network and then putting a VPN client on the workstations to directly

214
00:13:53,680 --> 00:13:57,920
connect to Azure so they can access those resources over a private tunnel.

215
00:13:57,920 --> 00:14:03,400
So there's a lot of conventional technologies that we can still utilize within the Azure

216
00:14:03,400 --> 00:14:09,320
space to connect your users, where we get into more of the modern, you know, username,

217
00:14:09,320 --> 00:14:11,840
password, multi-factor authentication things.

218
00:14:11,840 --> 00:14:16,480
We start getting into your software as a service-based solutions, things where you're accessing that

219
00:14:16,480 --> 00:14:17,680
via a web page, right?

220
00:14:17,680 --> 00:14:25,040
And we need the way there's a security on that to make sure that we're safe moving to

221
00:14:25,040 --> 00:14:26,040
those.

222
00:14:26,040 --> 00:14:27,040
That was a lot.

223
00:14:27,040 --> 00:14:30,320
I'm trying to think about where I wanted to take that.

224
00:14:30,320 --> 00:14:34,800
I guess just because you called it out, I will touch a little bit on what that the web

225
00:14:34,800 --> 00:14:36,320
app firewall is.

226
00:14:36,320 --> 00:14:41,600
So similar to a traditional firewall, right?

227
00:14:41,600 --> 00:14:47,840
It's assessing the traffic coming in and blocking the unwanted traffic.

228
00:14:47,840 --> 00:14:51,760
You can take that same concept to your websites.

229
00:14:51,760 --> 00:14:54,640
So maybe this is your public website.

230
00:14:54,640 --> 00:14:58,320
Maybe it's some type of critical application that you have.

231
00:14:58,320 --> 00:15:02,320
Oftentimes what we're seeing in the security space is people are scanning websites all

232
00:15:02,320 --> 00:15:05,040
the time looking for vulnerabilities.

233
00:15:05,040 --> 00:15:08,040
If you're on WordPress, take a look.

234
00:15:08,040 --> 00:15:15,240
There's always some new WordPress plugin that is compromised or contains malware, that stuff.

235
00:15:15,240 --> 00:15:19,200
It's super critical to keep your plugins up to date.

236
00:15:19,200 --> 00:15:25,440
But going back to the WAF or the web app firewall, is it sits in front of your website?

237
00:15:25,440 --> 00:15:30,280
So when someone does try and exploit some of this, right?

238
00:15:30,280 --> 00:15:32,920
I'll just take the basics.

239
00:15:32,920 --> 00:15:37,360
Maybe you have a little SQL database on the back end containing customer info that you're

240
00:15:37,360 --> 00:15:39,160
collecting, right?

241
00:15:39,160 --> 00:15:42,880
Please give me your email address, password, all that stuff.

242
00:15:42,880 --> 00:15:44,920
And then the database stores it.

243
00:15:44,920 --> 00:15:50,880
There's a tax called SQL injections where you can try and get the database to provide

244
00:15:50,880 --> 00:15:55,040
that data back to the attacker in an unauthorized way.

245
00:15:55,040 --> 00:15:59,440
Well, the web app firewall is going to see those types of attacks.

246
00:15:59,440 --> 00:16:05,680
And before it goes to the website, the firewall will deny that traffic while still allowing

247
00:16:05,680 --> 00:16:11,080
the traditional approved behaviors on your website.

248
00:16:11,080 --> 00:16:13,480
So really, really powerful stuff.

249
00:16:13,480 --> 00:16:20,240
Here at CIT, it's been a little bit since I last looked at it, but I believe we're blocking

250
00:16:20,240 --> 00:16:24,160
close to 2,000 attacks a day on our own website, right?

251
00:16:24,160 --> 00:16:27,960
And we're not a big company, but it's just constant, right?

252
00:16:27,960 --> 00:16:34,600
So oftentimes bots or just automated computers are just running across the website testing

253
00:16:34,600 --> 00:16:38,760
to see if there is something vulnerable out there.

254
00:16:38,760 --> 00:16:45,720
So, otherwise, maybe one of the other things just from a networking standpoint, there's

255
00:16:45,720 --> 00:16:48,160
some really cool tools coming out.

256
00:16:48,160 --> 00:16:55,280
So as organizations continue to shift to the cloud more and more and more, and specifically

257
00:16:55,280 --> 00:16:59,800
related to networking is the wireless access.

258
00:16:59,800 --> 00:17:02,280
So there's some really, really cool stuff that's coming.

259
00:17:02,280 --> 00:17:08,840
So here at CIT, again, we're getting rid of all the servers on our network, right?

260
00:17:08,840 --> 00:17:14,600
And so one of those servers is, how do you grant access to the wireless network?

261
00:17:14,600 --> 00:17:20,160
Well, one of the next evolutions, you know, in terms of maturity of an organization as

262
00:17:20,160 --> 00:17:25,000
well, is getting to certificate-based authentication.

263
00:17:25,000 --> 00:17:31,160
And now there's solutions out there that they'll run that server up in the cloud, and it'll

264
00:17:31,160 --> 00:17:35,080
integrate with all of your other services to be able to push this certificate out to

265
00:17:35,080 --> 00:17:36,640
your devices.

266
00:17:36,640 --> 00:17:39,560
So that way you know that these are trusted devices.

267
00:17:39,560 --> 00:17:46,400
And then when you try and go access the wireless, it already shares that certificate with the

268
00:17:46,400 --> 00:17:49,360
wireless, and so it can automatically log in.

269
00:17:49,360 --> 00:17:54,000
What that helps you do then is you're only providing that to your trusted devices.

270
00:17:54,000 --> 00:17:59,160
You can start pairing that potentially with the user that's logged into that system.

271
00:17:59,160 --> 00:18:02,800
If someone was known to be compromised, you can revoke that certificate.

272
00:18:02,800 --> 00:18:05,400
They no longer have access.

273
00:18:05,400 --> 00:18:11,960
But then at the same time, you've reduced all the concerns of some sitting in the parking

274
00:18:11,960 --> 00:18:15,280
lot, brute forcing your password, trying to get in.

275
00:18:15,280 --> 00:18:20,080
So, you know, as we're talking about things like the finance, the healthcare, right?

276
00:18:20,080 --> 00:18:24,160
You guys are, if you have wireless, it is heavily audited.

277
00:18:24,160 --> 00:18:29,120
They don't like people just having a pre-shared key that's, then you could just grant that

278
00:18:29,120 --> 00:18:33,080
access to one of the patrons or, you know, the customers to come into the network and

279
00:18:33,080 --> 00:18:35,800
access the internal network.

280
00:18:35,800 --> 00:18:42,440
Taking even the traditional server infrastructure for that level of networking is all moving

281
00:18:42,440 --> 00:18:44,120
to the cloud as well.

282
00:18:44,120 --> 00:18:46,680
It's very, very powerful.

283
00:18:46,680 --> 00:18:49,520
And which then ties back into security as well.

284
00:18:49,520 --> 00:18:51,480
So, the...

285
00:18:51,480 --> 00:18:56,920
I was going to say really quickly, I'm just going to interject because, right, loved all

286
00:18:56,920 --> 00:19:00,760
of the tech talk for somebody who doesn't work in that every single day, and maybe for

287
00:19:00,760 --> 00:19:04,160
a few listeners who are not technical staff, but maybe that's not on their plate and they're

288
00:19:04,160 --> 00:19:08,120
going, okay, yeah, I want to use Office 365.

289
00:19:08,120 --> 00:19:09,440
I want to start using that.

290
00:19:09,440 --> 00:19:11,360
What does that look like to first get started?

291
00:19:11,360 --> 00:19:14,600
And then how would you even know to implement all those security things?

292
00:19:14,600 --> 00:19:18,760
Because, right, I get to learn all these tools from you guys, but how would other people

293
00:19:18,760 --> 00:19:20,600
know which tools they need?

294
00:19:20,600 --> 00:19:25,640
So, I would say Microsoft is starting to get ahead of this a little bit.

295
00:19:25,640 --> 00:19:29,480
And they're enabling things called security defaults on their tenants moving forward,

296
00:19:29,480 --> 00:19:30,480
right?

297
00:19:30,480 --> 00:19:34,760
And having multi-factor authentication isn't as much of an option anymore because Microsoft

298
00:19:34,760 --> 00:19:37,800
is enabling this on the tenants by default, right?

299
00:19:37,800 --> 00:19:43,080
So, they're doing levels of that sort of protection on there by default.

300
00:19:43,080 --> 00:19:44,880
Yeah.

301
00:19:44,880 --> 00:19:50,600
And I would still say it's great that Microsoft is doing it.

302
00:19:50,600 --> 00:19:52,280
Other vendors aren't, right?

303
00:19:52,280 --> 00:20:00,360
And so, one of the challenges there, and here at CIT, I say this all the time, is an effective

304
00:20:00,360 --> 00:20:09,040
approach to just IT in general or cybersecurity is it takes three things to be truly effective.

305
00:20:09,040 --> 00:20:16,000
Is the technology that you have has to be the right technology, the processes, and the

306
00:20:16,000 --> 00:20:17,000
people.

307
00:20:17,000 --> 00:20:24,000
So, essentially, it still is going to require someone to know what they're doing and is

308
00:20:24,000 --> 00:20:29,960
experienced with the configurations of those to make sure that it's truly effective.

309
00:20:29,960 --> 00:20:35,120
And so, that's where I'm going to selfishly take this back and say, if you need help,

310
00:20:35,120 --> 00:20:43,280
talk to CIT because mistakes happen all the time because someone wasn't familiar with

311
00:20:43,280 --> 00:20:45,920
how to do something, they roll it out.

312
00:20:45,920 --> 00:20:49,880
I just dealt with this, I think, two months ago.

313
00:20:49,880 --> 00:20:53,560
Customer wanted to go implement multi-factor, they thought they knew, they realized that

314
00:20:53,560 --> 00:20:59,760
they forgot to close down a back door that doesn't support multi-factor, had an account

315
00:20:59,760 --> 00:21:01,400
compromise as well.

316
00:21:01,400 --> 00:21:07,560
And again, that comes down to, we know that because we do it all the time.

317
00:21:07,560 --> 00:21:15,160
And I guess the last thing that I'd say about this is there's a organization out there called

318
00:21:15,160 --> 00:21:23,600
OWASP, what they do is they measure, kind of year to year, over a couple of years, what

319
00:21:23,600 --> 00:21:29,280
are the top 10 security risks to web applications?

320
00:21:29,280 --> 00:21:31,920
So as we're talking about the cloud.

321
00:21:31,920 --> 00:21:36,440
So from in 2017, it was very on-prem focused.

322
00:21:36,440 --> 00:21:42,160
In 2021, when they released this, everything really started to change around.

323
00:21:42,160 --> 00:21:46,680
And if I just, I pulled up a picture of it here.

324
00:21:46,680 --> 00:21:53,560
Number four was, oops, sorry, number one jumped all the way up to broken access control.

325
00:21:53,560 --> 00:22:01,480
So again, granting access to those cloud infrastructure, talking about the identity as your new perimeter.

326
00:22:01,480 --> 00:22:06,080
Number four was brand new, it jumped all the way from something below to the top 10 was

327
00:22:06,080 --> 00:22:07,720
insecure design.

328
00:22:07,720 --> 00:22:11,640
So as Jake is talking about, how do we move you from one place to the next?

329
00:22:11,640 --> 00:22:16,600
There's an architecture that comes with that to make sure it's done properly and securely.

330
00:22:16,600 --> 00:22:18,240
So that was brand new.

331
00:22:18,240 --> 00:22:21,680
And then number five was security misconfiguration.

332
00:22:21,680 --> 00:22:28,120
So there's a, I think I read somewhere where within Microsoft, if you wanted to get into

333
00:22:28,120 --> 00:22:33,600
all the different configurations, there's hundreds of thousands of settings to go through.

334
00:22:33,600 --> 00:22:35,280
It's massive.

335
00:22:35,280 --> 00:22:36,380
And that's just Microsoft.

336
00:22:36,380 --> 00:22:42,360
Now you take it to the other 80 applications that you own, you can get really, really deep

337
00:22:42,360 --> 00:22:43,360
into the weeds.

338
00:22:43,360 --> 00:22:48,000
But as we can see, there's a giant shift to people are deploying things in an insecure

339
00:22:48,000 --> 00:22:53,200
fashion and they don't go through all the settings to ensure that it's locked down properly,

340
00:22:53,200 --> 00:22:58,600
tying that back into, it now takes a village to be able to truly manage your IT.

341
00:22:58,600 --> 00:23:00,960
You can't just do it alone, right?

342
00:23:00,960 --> 00:23:03,720
And we take the same mentality here at CIT.

343
00:23:03,720 --> 00:23:06,840
We don't just have one net admin anymore.

344
00:23:06,840 --> 00:23:11,400
We have a fleet of engineers that are managing even our internal network.

345
00:23:11,400 --> 00:23:12,720
Yeah.

346
00:23:12,720 --> 00:23:16,600
And we still have to take into consideration our end users, right?

347
00:23:16,600 --> 00:23:20,760
Keeping an eye on those emails that are coming in and being diligent to check those for authenticity

348
00:23:20,760 --> 00:23:24,400
and making sure that what they're getting is true and legitimate.

349
00:23:24,400 --> 00:23:28,000
So I don't know that those days will ever go away, but right now we still have to pay

350
00:23:28,000 --> 00:23:30,200
attention to those, right?

351
00:23:30,200 --> 00:23:31,200
Mm-hmm.

352
00:23:31,200 --> 00:23:33,000
No, that makes sense.

353
00:23:33,000 --> 00:23:36,760
I'm going to be the time clock here person and say, we've got about five minutes left,

354
00:23:36,760 --> 00:23:41,080
so I want to open the floor to both of you to say, is there any advice, any less thoughts

355
00:23:41,080 --> 00:23:45,440
for any business owners about anything talked about today or anything that we haven't talked

356
00:23:45,440 --> 00:23:46,680
about yet?

357
00:23:46,680 --> 00:23:51,840
Do you want to go first, Nate, or do you want me to go first?

358
00:23:51,840 --> 00:23:52,840
You can go first.

359
00:23:52,840 --> 00:23:53,840
I've talked enough.

360
00:23:53,840 --> 00:23:54,840
All right.

361
00:23:54,840 --> 00:23:55,840
Yeah.

362
00:23:55,840 --> 00:23:58,360
So it's a common trend to move to the cloud, right?

363
00:23:58,360 --> 00:24:02,280
And it's a conversation that we love to have with our customers in helping you design

364
00:24:02,280 --> 00:24:03,480
how do we get there?

365
00:24:03,480 --> 00:24:07,440
It's not an immediate migration for everybody to where they can get there tomorrow.

366
00:24:07,440 --> 00:24:12,000
A lot of times there are stages and phases to these things, but we can certainly get

367
00:24:12,000 --> 00:24:19,960
you in the right, say, development plan to get you to a cloud-based solution today and

368
00:24:19,960 --> 00:24:22,120
get rolling in a secure fashion too.

369
00:24:22,120 --> 00:24:26,320
Like Nate said, there's numerous things that have to be configured correctly from the get-go

370
00:24:26,320 --> 00:24:29,240
to ensure you're secure within that system.

371
00:24:29,240 --> 00:24:33,680
It's great that Microsoft is enabling multi-factor authentication right off the get-go, but there

372
00:24:33,680 --> 00:24:38,720
are things that we can do as far as securing your sign-ins to only the United States, maybe

373
00:24:38,720 --> 00:24:42,400
Canada if we wanted to extend that, blocking out foreign countries and be able to sign-in

374
00:24:42,400 --> 00:24:48,080
to your tenant, advanced auditing and logging of your user logins and sign-ins and looking

375
00:24:48,080 --> 00:24:53,120
for those that are coming from unknown IP addresses throughout the country.

376
00:24:53,120 --> 00:24:54,120
What do we want to do with those?

377
00:24:54,120 --> 00:24:56,120
Do we want to treat those as risky behavior?

378
00:24:56,120 --> 00:24:57,120
Right?

379
00:24:57,120 --> 00:25:02,320
And as far as moving to Azure, we love to sit down and have these conversations and talk

380
00:25:02,320 --> 00:25:06,120
through what does that migration plan look like for you?

381
00:25:06,120 --> 00:25:10,600
We end up leaving those conversations a lot of times with the customer having a mindset

382
00:25:10,600 --> 00:25:12,040
of here's how we should migrate it.

383
00:25:12,040 --> 00:25:15,720
By the time we get through it, we pick apart a lot of pieces and things that we can move

384
00:25:15,720 --> 00:25:19,280
to other secure utilities that are cloud-based solutions.

385
00:25:19,280 --> 00:25:24,240
So now we have a much smaller handful of things that we need to actually migrate to Azure

386
00:25:24,240 --> 00:25:25,320
insecure.

387
00:25:25,320 --> 00:25:30,880
So if we can pick apart what we have on premise today and put those into secure solutions and

388
00:25:30,880 --> 00:25:36,000
have a smaller amount of things that we need to migrate to, say, an Azure place, makes

389
00:25:36,000 --> 00:25:42,080
our set of our boundaries and walls a lot smaller that we have to cover on those systems.

390
00:25:42,080 --> 00:25:44,240
Yeah.

391
00:25:44,240 --> 00:25:50,960
I think probably my kind of closing thoughts is completely agree with Jake is these are

392
00:25:50,960 --> 00:25:54,000
not overnight changes.

393
00:25:54,000 --> 00:26:00,120
Here at CIT, I know that we've had at least three years since I remember being deeply

394
00:26:00,120 --> 00:26:02,080
involved in it.

395
00:26:02,080 --> 00:26:06,840
Planning are very, very heavy cloud security focus.

396
00:26:06,840 --> 00:26:08,760
And it's been a challenge to get there.

397
00:26:08,760 --> 00:26:15,640
There's a lot of roadblocks that you face along the way, but it's been a lot of architecture

398
00:26:15,640 --> 00:26:20,280
and planning on the steps that it will take to get us there.

399
00:26:20,280 --> 00:26:23,920
And a lot of consulting with other people.

400
00:26:23,920 --> 00:26:27,640
I don't think on a vacuum here at CIT either.

401
00:26:27,640 --> 00:26:30,680
But that would be the big thing there.

402
00:26:30,680 --> 00:26:35,600
And then I'm going to take this all the way back to the NIST cybersecurity framework.

403
00:26:35,600 --> 00:26:36,800
We've talked about it many times.

404
00:26:36,800 --> 00:26:39,600
It's blasted all over the website.

405
00:26:39,600 --> 00:26:47,480
But as we're talking about cloud and how one of the issues is now instead of just one server,

406
00:26:47,480 --> 00:26:53,400
one application, one environment, now you have potentially hundreds of different applications

407
00:26:53,400 --> 00:26:55,800
bringing it back to the NIST cybersecurity framework.

408
00:26:55,800 --> 00:27:00,600
If you remember, the first step to be able to protect your environment is to identify

409
00:27:00,600 --> 00:27:01,760
what you have.

410
00:27:01,760 --> 00:27:06,800
You have to know what applications are being in the, using the environment.

411
00:27:06,800 --> 00:27:13,480
Do you have things like shadow IT, which is the concept of people using unauthorized resources

412
00:27:13,480 --> 00:27:18,320
for business use that aren't authorized.

413
00:27:18,320 --> 00:27:23,480
So maybe you're a one drive shop and someone's using Dropbox, right?

414
00:27:23,480 --> 00:27:30,040
You have to know that because the sprawl of your data, the sprawl of the potential access

415
00:27:30,040 --> 00:27:33,640
to the network just becomes wider and wider and wider.

416
00:27:33,640 --> 00:27:36,920
And it's only going to continue down that path.

417
00:27:36,920 --> 00:27:40,160
We see no slowdown of people moving to the cloud.

418
00:27:40,160 --> 00:27:51,600
So ask for help, be okay with not knowing everything because it's so broad these days.

419
00:27:51,600 --> 00:27:55,520
Jake knows way more than I do when it comes to certain topics and I know more than him

420
00:27:55,520 --> 00:27:58,120
on other topics.

421
00:27:58,120 --> 00:28:05,040
And then again, just identify what you have so you can actually protect it long term.

422
00:28:05,040 --> 00:28:06,040
That's the best conclusion.

423
00:28:06,040 --> 00:28:07,920
I was like, you summarized it for me.

424
00:28:07,920 --> 00:28:08,920
So thank you.

425
00:28:08,920 --> 00:28:10,880
Amazing, but thank you, Nate.

426
00:28:10,880 --> 00:28:14,480
If you need any networking or cloud, Jake is your man, not me.

427
00:28:14,480 --> 00:28:16,680
So security though, call Nate.

428
00:28:16,680 --> 00:28:18,880
Don't call me.

429
00:28:18,880 --> 00:28:20,600
Love the cross promotion, but thank you, Nate.

430
00:28:20,600 --> 00:28:24,240
And thank you, Jake for sitting down and talking about networking cloud security.

431
00:28:24,240 --> 00:28:28,560
As we've said multiple times, if anybody has any questions, needs help, just wants to have

432
00:28:28,560 --> 00:28:31,160
a conversation to go, how do I even get started?

433
00:28:31,160 --> 00:28:32,160
Is anything secure?

434
00:28:32,160 --> 00:28:34,840
Even if you're not, we do service Minnesota, Western Wisconsin.

435
00:28:34,840 --> 00:28:38,280
If you're outside of that area, we do have an entire network of people that we can get

436
00:28:38,280 --> 00:28:40,240
you connected with that we trust.

437
00:28:40,240 --> 00:28:43,200
That's just one of the people, right, that we reach out to to say, hey, what is everybody

438
00:28:43,200 --> 00:28:44,440
else doing in the space?

439
00:28:44,440 --> 00:28:46,760
So we've got connections by all means.

440
00:28:46,760 --> 00:28:47,760
Reach out.

441
00:28:47,760 --> 00:28:53,480
You can find us online at CIT-net.com, backslash podcast, which shout out, we now have a newsletter

442
00:28:53,480 --> 00:28:54,480
subscription out there.

443
00:28:54,480 --> 00:28:57,680
So if you want to get first dibs on new episodes, that's my marketing spiel.

444
00:28:57,680 --> 00:28:58,680
Go out there.

445
00:28:58,680 --> 00:29:01,160
I swear we're not going to spam you one time a week.

446
00:29:01,160 --> 00:29:07,120
And then you can also email us at info at CIT-net.com or else thank you everybody and

447
00:29:07,120 --> 00:29:08,880
we'll be back next week with another episode.