4 Tips for Ensuring Compliance in the Cloud in 2020

Cloud Computing is well understood as a great method for increasing the speed of deployment and agility of managing IT infrastructure. For these reasons, the migration to and utilization of Cloud Computing continues to grow in both large enterprises and small businesses. However, this move towards increased use of the cloud – especially public cloud services – has increased the pressure for greater data protection regulations across the globe.

Unless you work for a very large organization that can cost justify developing and maintaining a private cloud infrastructure, utilizing Cloud technologies will mean relying on one or more public Cloud Service Providers (CSPs).39percent-of-IT-Decision-Makers-Consider-Themselves-Responsible

Recent high-profile data breaches have brought the risks associated with storing personally identifiable information (PII) into the limelight (i.e., the 2017 Equifax breach, the 2019 CapitalOne breach). Yet, the question of who is ultimately responsible for regulatory compliance remains a significant area of confusion. According to a recent study, only 39 percent of IT decision-makers considered themselves responsible for the compliance of data stored on cloud services. This is an incredibly dangerous mindset to possess, as by law, the ultimate responsibility for regulatory compliance remains firmly in the hands of the data owner – not the CSP.

Which Compliance Regulations Matter in the Cloud

The cybersecurity and data privacy compliance regulations that affect your company are dependent upon the industries in which you operate. Examples include federal government (FedRAMP), manufacturing (GMP), healthcare (HIPAA), real estate (CFPB), and financial services (FINRA, NYDFS). So, which regulatory requirements do you have to worry about in the cloud? The simple answer is the same ones that apply to your business already. Depending on your company’s industry, geographic location, and business function, this could be a range of compliance regulations, including:

  • National Institute of Standards and Technology (NIST)
  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Financial Industry Regulatory Authority (FINRA)
  • Payment Card Industry Data Security Standard (PCI-DSS)
  • Federal Information Security Management Act (FISMA)
  • Sarbanes-Oxley Act of 2002 (SOX)

It is important to understand how your data and processes within your cloud service are affected by all of the applicable regulations, including data storage and retention policies, user access and password policies, and Most of these compliance frameworks require periodic testing of your IT operations, as well as ongoing monitoring to ensure constant It is important to understand the requirements While the responsibility for maintaining compliance lies solely within your organization, you don’t have to take on this burden completely alone. The good news here is that a consultant or managed IT services provider can guide you through the compliance challenges to meet the necessary laws and regulations.

When it comes to ensuring that your cloud operations will be in compliance with the regulatory requirements of your business, here are a few key tips…’

4 Tips for Ensuring Compliance in the Cloud

1. Realize a Compliant Provider Will Not Make You Automatically Compliant

Depending on which regulation you are subject to, you may be required to use a cloud service provider that is certified with those regulations. But it is important to note that using a compliant provider does not in and of itself make your business compliant automatically. You still have to use the service in a compliant manner; it is your responsibility to ensure the provider maintains regulatory controls on an ongoing basis. And you still have to maintain compliance for your own IT operations which connect to the cloud service provider.

2. Know Where Your Data Will be Stored

Some compliance regulations have geographic restrictions on where certain types of data can be stored and processed. For example, the European Union Data Protection Directive requires personal data to remain within the borders of the EU or a third-party country that offers adequate protection based on their previously defined security standards. This can pose a very large challenge if your CSP operates data centers and stores your data around the world. There is good news here: being aware of this caveat is a large part of the battle. All reputable cloud service providers are aware of this issue and offer geographical nodes that customers can select for their data to reside in as a part of their service offering.

3. Understand Access Control

A large portion of regulatory IT compliance stems from ensuring proper controls are in place over who has access to what data in the system. During a compliance audit, you must be able to prove the level of access that each user has and how those various levels are maintained. Your CSP must be able to provide you with documentation outlining how the implement separation of duties for administrative functions. They must also be able to provide clear documentation showing which users had access to which systems when, and what data and systems were able to be accessed by each user.

4. Know Your Service Level Agreement (SLA)

Regardless of what compliance regulations you are subjected to, don’t assume your CSP’s terms and conditions will satisfy your requirements alone. You should know the details and fine print of your cloud services contract inside and out. Again – the sole responsibility of compliance in the cloud is ultimately up to you, not your provider. Your SLA should be very clear on roles and responsibilities, incidence response execution, and data breach remediation. Everything in the SLA must be in accordance with the regulations governing your business. The finer points of an SLA are able to be negotiated with the service provider before signing. Just don’t wait until you have signed to realize that all your bases are not covered.

The good news about ensuring compliance within your Cloud environment is that legitimate service providers will be able to provide the right service for you to meet your governing regulations. That said, you need to know how to apply the regulations properly to how you are using the cloud service. If you are concerned about your regulatory compliance in the cloud services you are using, we recommend bringing in a 3rd party IT service provider, such as Montra.

Montra’s cloud experts can examine your current cloud operations, navigate you through the best options for establishing full compliance, as well as monitoring your compliance over time.

For more information about how Montra can help with your cloud compliance, contact us today.

 

10 Ways to Stay Safe As We Return to Work

In the last week or so the national conversation has shifted from sheltering in place to returning to work. Slowly and carefully, but we are opening back up. Now is the time to remain vigilant to the constant threats to your business from ransomware and malicious attacks.

In a recent article, Google stated that since January it has seen a 350% increase in phishing attacks, and they saw more than 18 million daily malware and phishing emails related to COVID-19 scams just in the past week. That’s on top of the more than 240 million daily spam messages it sees related to the novel coronavirus.

And it is not just companies that are getting overwhelmed. According to their own report, the FBI fielded 2,047 ransomware complaints in the U.S. in 2019. In response the crushing load of root cause investigations, the FBI has turned to corporate leaders and cybersecurity insurance carriers to better understand how to stop ransomware attacks.

The best course of action, is to proactively protect your organization from being attacked successfully. Making certain of that is a complex problem that is specific to each company, but we have created some quick tips to help you remember how to keep cybercriminals out of your IT operation.

10 Tips to Keep Cybercriminals Out

  1. Get the Facts. Stay away from the rumor mill and use information from reliable sources to make business decisions in chaotic times.
  2. Think Twice before Clicking Links. Make sure staffers are on the lookout for suspicious links that can lead to ransomware.
  3. Be Suspicious of Unexpected Attachments. Ensure users only open attachments from proven, trusted sources no matter how “official” that attachment looks.
  4. Automate Compliance. Have one less thing to worry about by choosing a dynamic web portal system that keeps track of everything.
  5. Protect those Passwords. Encourage safe password practices like using a password manager and not writing them on sticky notes.
  6. Beware of Strange Networks. Make staffers aware of the dangers of logging in from insecure public and home WiFi networks andhow to use them safely.
  7. Use Two-factor Authentication. An extra layer of security keeps passwords and data safe.
  8. Keep an Eye on the Bad Guys. Monitor the Dark Web to watch for company data so a problem can be addressed before it becomes a crisis.
  9. Stay Current on Threats. Work with a responsive partner that’s on top of today’s challenges.
  10. Ask for Help. Consult a security expert to plan effective strategies and get innovative solutions.

10 Tips to Keep Cybercriminals Out

So, while we seek continued improvements in our collective situations both professional and personal, continue to keep your guard up against ransomware and malicious attacks on your IT operation.

If you would like to learn more about how Montra can help you with these or other security threats, please contact us at info@montra.io.

 

Service Desk Analyst

Service Desk Analyst

Atlanta, GA

Category: Support

Type: Full-time

Montra Solutions is an ambitious next-generation managed IT services provider with plans to revolutionize a $200B global industry. This is no ordinary startup. We have a proven management team that has successfully built and exited multiple software and managed service companies. We are seeking intelligent and motivated people with great upbeat energy and a passion for serving our customers well. We need people who want to get stuff done, but who are also smart enough to figure out new ways to automate and accelerate the work that we do. We like competing and winning, and we know that by constantly improving what we do we will continue to win and grow.

Montra is currently seeking a highly skilled Service Desk Analyst with the drive and determination to help us support our growing client base. We are seeking a problem-solver with a proven track record of working within a team to successfully address challenging IT issues. This position will include identifying customer issues and utilizing a structured problem management and resolution process to remediate them within established SLAs.

This position requires dedication, persistence, follow-up, effective use of available resources, and a desire to deliver great customer service. Candidates must be energetic and motivated to learn new technologies and services. The position reports to the Director of Service Operations.

RESPONSIBILITIES:

  • Utilize our remote monitoring and management (RMM) and professional services automation (PSA) tools along with other service-specific tools and technologies to deliver great customer support
  • Manage, maintain, troubleshoot and support our customer’s systems, networks, software, SaaS, security and cloud services.
  • Collaborate with NOC staff, engineering, field technicians, and external vendors to resolve service issues.
  • Act as an externally facing point of contact with customers and vendors during issue resolution.
  • Act as an internally facing point of contact to escalate issues and communicate resolution status.
  • Oversee and execute planned maintenance work, minimizing impact to services
  • Prepare and present service monitoring reports to management.
  • Participate in ongoing manufacturer and certification training.

REQUIRED QUALIFICATIONS:

  • Proficiency in MacOS and Windows Systems in an Enterprise environment
  • Excellent knowledge of our supported software, services and technologies
  • Strong interpersonal skills to effectively communicate with users and vendors
  • Passion for teamwork, continuing education, problem solving and exceptional customer service
  • Ability to learn quickly and adapt to changing requirements
  • Strong English-language written and oral communications skills
  • Outgoing, organized, detailed-oriented, dependable and flexible
  • Background check and drug screen required

PREFERRED QUALIFICATIONS:

  • Microsoft Certified Professional status
  • Experience with HP, Cisco, VMware and Citrix technologies a plus
  •  Knowledge and experience with server hardware and OS (Linux, Windows), security and networking
  • Knowledge and experience with virtual server technologies (VMWare/Hyper-V/Citrix)
  • Network certifications such as CCNA/CCNP/CCIE.

EDUCATION REQUIREMENTS:

  • Bachelor of Science or Engineering in EE/CS/CE. In lieu of degree, 4 years of relevant work experience.

WORKING AT MONTRA SOLUTIONS

We are building a dynamic environment that includes software development and service operations to support our rapidly growing customer base. Our customers are looking to us to provide rock-solid reliability of their hybrid IT operations, so that their applications and data are available, protected, and in compliance. We are utilizing the latest technologies to integrate disparate IT silos and automate support workflows across the entire IT operation of our customers. We are pushing the envelope for how IT services can be reliably managed and scaled, and we a looking for people that are passionate about taking this journey with us.

YOU WANT TO TALK TO US IF…

  • You have a passion for delivering great customer service.
  • You like innovating for reliability, availability and security.
  • You are motivated by disrupting the norm.
  • You thrive in the frenetic energy of a startup.

WHAT WE OFFER

  • Competitive salary
  • Full benefits coverage
  • Professional development stipend
  • Flexible work environment
  • Modern vacation policies

Montra Solutions is an equal opportunity employer and encourages people of all backgrounds, genders, ethnicities, abilities, and sexual orientations to apply. We are committed to being an inclusive place to work, while maintaining a workforce that represents the communities we serve. Learn more about us at

www.montra.io/careers.

Senior Security Engineer

Senior Security Engineer

Atlanta, GA

Category: Service Delivery

Type: Full-time

Experience: Senior Level

Montra Solutions is an ambitious next-generation managed IT services provider with plans to revolutionize a $200B global industry. This is no ordinary startup. We have a proven management team that has successfully built and exited multiple software and managed service companies. We are seeking intelligent and motivated people with great upbeat energy and a passion for serving our customers well. We need people who want to get stuff done, but who are also smart enough to figure out new ways to automate and accelerate the work that we do. We like competing and winning, and we know that by constantly improving what we do we will continue to win and grow.

Montra is building a modern, ‘born in the cloud’ application suite that is implemented in cloud-native functions on both Azure and AWS. As a key member of our team, your skills will be expanded by working with leading-edge services on the latest platforms on the planet.

As a Senior Security Engineer at Montra Solutions, you will ensure our customers’ posture is designed, configured, and managed reliably and securely. Systems under management include security information and event management (SIEM), firewalls, IDS/IPS, end-device security, dark web scanning, and file encryption solutions. We’re looking for an engineer that enjoys building and managing scalable security solutions and working with our customers as their needs change and grow.

RESPONSIBILITIES:

  •  You will design, implement and manage SIEM solutions for Montra’s customers.
  • You will manage secure solutions for cloud, on-premise and hybrid environments.
  • You will own security monitoring and scanning processes for multiple Montra customers.
  • You will serve as a key member of Montra’s information security team.
  • You will investigate security incidents and report findings to leadership.
  • You will be an advocate for security services at Montra.

REQUIRED QUALIFICATIONS:

  • 4+ years of experience engineering and administering security technologies
  • Experience managing event monitoring, including log management and AlienVault SIEM
  • Experience coordinating and conducting event collection, log management, event management, compliance automation, and identity monitoring activities.
  • Experience with vulnerability management, identifying threats and Incident response.
  • Knowledge of networking protocols and addressing schemes, e.g., DNS, HTTP, and TLS TCP/IP functions, CIDR blocks, subnets, addressing, communications, etc.
  • Demonstrated ability to establish relationships and build rapport with colleagues and customers at all levels.
  • Excellent oral and written communication skills with the ability to communicate security concepts to a technical and non-technical audience including senior management
  • Qualified candidates must be eligible to work in the United States. We are not able to provide visa sponsorship for this position.

PREFERRED QUALIFICATIONS:

  • Bachelor’s degree in a technical field or 8 years of equivalent work experience.
  • Relevant certifications such as CISSP, CEH, GPEN, GSEC, OSCP, vendor credentials from relevant vendors, etc.
  • Experience securing and monitoring Linux hosts in AWS or other cloud providers (GCP, Azure.)
  • Solid and demonstrable understanding of Docker and Kubernetes.
  • Some programming and/or scripting experience in any language or scripting tool.
  • Experience automating security tools and processes.
  • Experience defining how logs should be parsed and writing new correlation rules.
  • Understanding of endpoint security solutions including DLP, EPP, file integrity monitoring.
  • Experience with anti-virus software, intrusion detection and prevention, next-generation firewalls, and content filtering technologies.
  • Experience planning and developing security policies, procedures, and standards.
  • Experience in designing secure networks, systems, and application architectures.

 

WORKING AT MONTRA SOLUTIONS

We are building a dynamic environment that includes software development and operations to support multiple customers. Our customers are looking to us to provide rock-solid reliability of their hybrid IT operations so that their applications and data are available when they need it. We are utilizing the latest technologies to integrate disparate IT silos and automate support workflows across the entire IT operation of our customers. We are pushing the envelope for how IT services can be reliably managed and scaled, and we a looking for people that are passionate about taking this journey with us.

YOU WANT TO TALK TO US IF…

  • You have a passion for delivering great customer service
  • You like innovating for reliability, availability, and security
  • You are motivated by disrupting the norm
  • You thrive in the frenetic energy of a startup

WHAT WE OFFER

  • Competitive salary + equity
  • Full benefits coverage
  • Professional development stipend
  • Flexible work environment
  • Modern vacation policies

Montra Solutions is an equal opportunity employer and encourages people of all backgrounds, genders, ethnicities, abilities, and sexual orientations to apply. We are committed to being an inclusive place to work while maintaining a workforce that represents the communities we serve. Learn more about us at www.montra.io/careers.

Montra Solutions Named a Top 40 Innovative Technology Company

Montra Honored for Innovation and Contributions to the State’s Technology Community by Technology Association of Georgia

ATLANTA — (FEBRUARY 7, 2020) — Montra Solutions, a software-enabled managed IT services provider, has been named one of the Top 40 Innovative Technology Companies in Georgia by The Technology Association of Georgia (TAG), the state’s leading association dedicated to the promotion and economic advancement of Georgia’s technology industry.

TAG’s Top 40 Awards recognize Georgia-based technology companies for their innovation, financial impact, and their efforts at spreading awareness of Georgia’s technology initiatives throughout the U.S. and globally.

“The 2020 Top 40 finalists are an elite group of innovators who represent the very best of Georgia’s Technology community,” said Larry K. Williams, president & CEO of TAG. “The 2020 Top 40 finalists are shining examples of what makes our state such a hotbed for technology and we applaud them for standing out as leaders in Georgia’s technology community.”

This year’s Top 40 were selected from among over 100 applications submitted by companies from across Georgia. Companies selected for the “Top 40” will be showcased in an exhibition at The Summit 2020 on March 3-4, 2020, at the Cobb Galleria Centre.

“This year’s Top 40 was more competitive than ever,” said Dennis Zakas, managing partner of Zakas & Leonard, LLP and chairperson of the Top 40 Selection Committee. “In our quest to showcase the most innovative companies in Georgia, we had to make hard decisions, resulting in the exclusion of numerous deserving companies, many of which had been recognized as a Top 10 company in the past. The companies that we selected this year are truly outstanding.”

“We are thrilled that Montra has been named one of the top innovative companies in Georgia. Our business is based on delivering world-class IT management by providing service automation and analytics through our VIA platform,” said Scott Ryan, CEO of Montra Solutions. “This recognition from TAG is another indication that our dedication to modernizing managed IT services delivery is paying off.”

The event will feature internationally recognized keynote speakers, the Top 40 and Top 10 Innovative Georgia Companies competition, the newest inductee into the Technology Hall of Fame of Georgia, 16 breakout sessions on global trends, and a two-day exhibitor showcase.

About Montra

Montra Solutions is a software-enabled managed IT services provider specializing in Cloud, Security, Devices, and Infrastructure. Headquartered in Atlanta, Montra simplifies the management of increasingly complex IT operations with software that better integrates and automates the monitoring and management of modern IT. Montra’s innovations are enabling scalability and analytics for the highly fragmented, multi-billion-dollar managed IT services industry.

About The Technology Association of Georgia (TAG)

TAG’s mission is to Connect, Promote, Influence and Educate Georgia’s technology ecosystem to advance the innovation economy.  Through those four foundational pillars TAG serves the technology community, helping to support, grow and ignite tech leaders, companies and the overall Georgia economy.

TAG serves more than 30,000 members statewide through regional chapters in Metro Atlanta, Augusta, Columbus, Macon/Middle Georgia, and Savannah. TAG hosts more than 150 events each year and serves as an umbrella organization for 26 professional societies.

TAG provides networking and educational programs; celebrates Georgia’s technology leaders and companies, and advocates for legislative action that enhances the state’s economic climate for technology.

Additionally, the TAG Education Collaborative (TAG-Ed) focuses on helping science, technology, engineering and math (STEM) education initiatives thrive.

For more information visit the TAG website or TAG’s community website at www.hubga.com. To learn about the TAG-Ed Collaborative visit www.tagedonline.org.