The Ping: Local Government and Cloud Services

July 8, 2019 Corie Bogan Leave a comment BUSINESS CONTINUITY, business management, cloud, compliance, PCI DSS, planning, safety, Security, The Ping

What is unique about a city or local governmental organization? Services must be tailored to a local government’s unique needs. Governments are subject to a strict budgeting process that generally can’t be altered throughout the fiscal year. Any additional items not on these budgets, in which costs exceed a specific price point, are subject to a bidding process; sometimes this can take place even before being finalized in the budget. Furthermore, all items are subject to an open records request. We realize that this month we’re talking about a very specific set of customers. That does not mean non-city customers should set your alarm for August 1st and tune out for July. We consistently write our articles so that they contain helpful information that anyone can utilize in order to help make your organization a better and more efficient workplace.

2FA

When searching for a cloud-based vendor, one of the most important requirements to inquire about is whether or not they have two-factor or multi-factor authentication capabilities. Considering the current uptake in government ransomware incidents, cities must be diligent in proactively allowing only permitted employees to access their software and network. In The Ping: 2FA, we discussed what this process is. Multi-factor authentication is a mechanism of confirming one’s identity using a combination of at least two factors or methods from the list below:

  • Something ONLY you know (a password or an answer to a question)
  • Something ONLY you possess (a key fob or a cell phone that generates a time expired key code)
  • Something ONLY you are (a fingerprint or an iris scan)

This helps create an extra line of defense against hackers trying to obtain access to the network. Also, as a city you are most likely required to stay compliant under one or more agencies. Multi-factor authentication is required by CJIS (also known as Advanced Authentication in CJIS), PCI and HIPPA compliancy.

Business Continuity

The importance of being prepared in case something does happen to your network infrastructure has been communicated again and again. However, have you stopped and thought about what happens if a cloud vendor you rely on for your day-to-day operations goes offline? Do these vendors have a business plan in place, and do they make this accessible to their customers? Cities aren’t the only entities vulnerable to attack. The vendors that provide services to your organization can also fall victim. When choosing a vendor, ensure they have a business continuity plan in line with what you would apply to your own organization’s goals.

  • Vendors need reliable backups and should disclose where they are backing up to
    • Are their backups only local, or are they also offsite?
  • Do they have a Disaster Recovery Plan? Do they have a Business Continuity Plan?
  • In the event something does go wrong, does the vendor you’ve chosen have a Security Plan that they’ve made their employees aware of?

Obtaining a new cloud vendor may seem like an abundance of work at first, but if you start your search with a checklist of what you need, it will ultimately save your company time. Cloud services are intended to make your life easier; if this seems overwhelming, let us help! We ensure that every cloud vendor we partner with is compliant with all of the above criteria. As always, speak to your account manager today to figure out what you need to select the right vendor!

 Your UniVista Team
*Celebrating 20 Years of Customer Satisfaction*