Uncategorized

Five ways to encourage security at your organization

Your employees are all smart, savvy people, right? You probably wouldn’t have hired them otherwise. While this intelligence and shrewdness keeps your organization running, it can also work against you in certain situations – when it comes to cybersecurity, for example.

“That doesn’t make sense – my people have been working digitally for years – they know how to protect themselves and the company,” you might think. But Verizon’s 2018 Data Breach Report found that an average of 4% of targets in a phishing campaign will click, and that people who have clicked once are more likely to click again.

Last year, 60% of security professionals responding to the EY Global Information Security Survey ranked employee carelessness or negligence as a top threat, up from 44% in 2015. And their wariness isn’t misplaced: a 2017 report from Willis Towers Watson found 66% of all cyber insurance claims stemmed from employee negligence or malfeasance, and the FBI reported a staggering $12.5 billion lost in 2018 due to business email compromise alone.

One of the biggest problems is that people are now so comfortable working, communicating and conducting business online, they’ve become overconfident in their immunity to risk.

“Most modern workers think they know how to avoid security threats,” says Dark Reading. “We no longer have an awareness problem: Workers have heard the basics about phishing. We have a false confidence problem. Knowing about security threats is only half the battle. Employees also have to know what actions to take.”

Making sure your employees know what actions to take, and encouraging them or requiring them to do so, is primarily the responsibility of your organization. Here are five steps you can take to build and maintain a culture of true, educated, actionable cybersecurity at your organization:

  1. Conduct regular, relevant, updated training: We’ve all seen the dated training videos about cybersecurity risks … like leaving confidential documents sitting on a fax machine … and we’ve all laughed at them and zoned them out. It’s worth investing in personalized training that takes your organization’s policies, practices and risk factors into account. When employees feel that a trainer or training program really understands company culture and any potential threats, they’re much more likely to pay attention.
  2. Require password updates and security measures: Nobody likes a forced PC restart due to an antivirus software. People really don’t like being forced to choose a new 15-character password with at least one number and one special character every three months. But these measures are extremely important for maintaining protection over your organization’s information. Unique passwords (that aren’t the same as passwords your employees use for banking, shopping and accessing medical records) can help discourage breaches from occurring, and company-wide antivirus software installation and maintenance can help protect you from threats that do manage to break through.
  3. Start from the top:  Corporate cybersecurity cannot be a ‘do as I say, not as I do’ situation. Employees need to see your organization’s leadership following best practices too. When good behavior is modeled for them and they see executives following the same policies they are told to follow, they are more likely to do so.
  4. Remind employees it’s about them too, not just the company: No matter how loyal your people are, the idea of a threat to their personal bank accounts or identifying information will probably encourage action better than if they think only corporate information is at risk. Remind them that because so much of our lives are lived online these days, a breach to their corporate accounts can mean increased risk to their personal accounts.
  5. Invest in a solution to monitor individual security breach risk: On the flipside of that, if an employee’s information is compromised elsewhere on the internet, your organization is more at risk. With Applogie’s data breach discovery feature, you can get alerted when an employee account has been compromised somewhere else online. Then you can prompt that employee to change his or her corporate password immediately, greatly reducing the chance that your own corporate systems are at risk of a breach as well.

We all think we’re smart enough to avoid security threats online, but we all get careless. The right corporate policies and solutions can help your employees shoulder less of the responsibility, and the right educational tactics and behavior modeling will encourage them to be as safe as possible with your organization’s systems and information.

Uncategorized

How you’ll use SaaS in 2019 and beyond: Four predictions

It’s official now. SaaS is everywhere. Cloud computing is computing. The legacy on-prem systems your enterprise has used for years or decades have moved to the cloud (or if they haven’t quite yet, they’re working on it – ask them). SaaS-based startups are coming out of the woodwork to manage, improve and optimize aspects of your life and business you never even considered could be managed, improved or optimized. Culturally, we’re experiencing a global shift in how we expect information and services to be stored, accessed and available. There’s no turning back now.

And as access to the cloud becomes more and more ubiquitous, we’ll need to continue honing the way we use and manage it. Little things about how we operate in the cloud will start to change and evolve, and we will need to make sure our awarenesses and attitudes are changing along with them.

Here are four of those “little things” I predict will make a big impact by the end of 2019:

  1. More SaaS spend will end up on your corporate credit card accounts. Don’t fight it – it’s good for the growth, health and innovative spirit of your business. You want to create a culture of experimentation, in which your people have the freedom and agility to test and pick the right products and solutions for the way they work. The best way to foster that freedom is by allowing people to sign up for SaaS-based solutions on their own, with their p-cards. But – of course there’s a but – this means you need a way to keep track of these subscriptions, so you can monitor what’s being purchased, what’s being used, where there’s overlap, and when you need to start putting parameters around the practice.
  2. You’ll need to pay closer attention to which users have access to which systems. This prediction is closely related to the first, and based on this cultural shift we’re undergoing. Because it’s becoming so easy to sign up for software subscriptions and share access with multiple users, people are more comfortable doing so. This applies to subscriptions purchased on corporate cards, yes, but also to the subscriptions handled through your ERP. How often does an employee ask for access to a cloud-based solution and it’s just handed over without any thought, and not recorded anywhere? What’s your process for removing employees from those same solutions after they leave the company or it’s clear they’re just not logging into the application?  More SaaS equals more forgotten users, and those forgotten users not only lead to massive wasted spend, but to one of your organization’s largest risks of security breach.
  3. You’ll be on higher alert for – and more at risk of – massive data breaches. They’re still coming – more of them and bigger than ever before. You’ve likely heard about what just happened with Marriott – where a breach of its Starwood reservation system exposed the personal information of potentially 500 million people. Here’s what that has to do with you – as much as you hope your users aren’t reusing passwords across the web … they are. It’s almost guaranteed. You can tell them not to and impose strict password standards for the systems you control, but ease of use means they’ll likely be using variations on the same username and password everywhere. Yes, everywhere. You can’t know for sure what they’re doing outside your systems, but you can know when their emails are compromised on the dark web, thanks to Applogie’s newest feature.  
  4. You’ll start saving real money. That’s right – not all of my predictions involve more work or risk for you or your organization. Broader adoption of SaaS & IaaS means you really can start realizing the efficiencies these solutions promise – if they’re managed correctly. 2019 is the perfect time to invest a little in a solution that helps you manage your software commitments, so that you can optimize your investments in all your other subscriptions – and reprioritize the dollars saved into what matters – going forward.

I, for one, am thrilled to see what’s in store for the SaaS market this year. I’m confident these four predictions will become reality soon – I can’t wait to see what other exciting developments come along with them.

Uncategorized

An interview with Scott Coons, Co-Founder of Applogie

Scott Coons is no stranger to the pain and success of growing a company. After founding Kansas City-based Perceptive Software, he led the organization from its first dollar of revenue through 13 acquisitions and to $700 million in revenue by 2015. At that time, Coons declared himself “retired” – but like many in similar positions, his retirement includes significant involvement with the world of his former profession.

 

Officially, you claim to be retired. But you never truly stepped away from the technology field. What has been keeping you busy since 2015?

 

Well, I guess once an entrepreneur, always an entrepreneur. I truly never wanted to be out of the game. Since the summer of 2015, I’ve been spending a lot of time with technology investing, performing start-up CEO mentoring, professional board work and charitable board work. Of those commitments, I most enjoy working with startups – sitting on their boards and mentoring their CEOs.

 

Along with my Perceptive software co-founders, I created a venture fund called perceptiveEQUITY that allows us to truly support these Kansas City-based businesses. I enjoy being able to invest in startups I believe in, both financially and from a leadership perspective.”

 

Applogie, of course, is one of those businesses. Where did the idea for Applogie come from, and how did it grow into reality?  

 

Over my last four or five years at Perceptive and Lexmark, while I was still running the software business, our constant strategic initiative was to get our technology into the cloud as a true subscription offering – 100% in the cloud. As a result of that strategy, we were willing to perform a lot of experiments in our own operations by testing a lot of cloud-based toolkits and pieces of software.

 

The result of that experimentation was, when managed correctly, we were able to get our product to the cloud faster, more efficiently and to create our point solutions faster. The challenge, though, was that we were never good at managing the expense. Brian Anderson (Applogie CEO and co-founder) and I would always discuss how we could do a better job at that part. It got to be that I would receive our financial statements and, to be honest, become very upset … our cost structure never ended up where we needed it or where we expected it.

 

What we found was toolkits and solutions would be started up in the cloud and not turned off, even after they’ve been deemed ineffective or irrelevant. Cloud experiments would be implemented and then the people responsible for or passionate about them would leave without shutting down the process. Or things would just get stale and forgotten. There was no good way to manage it with spreadsheets or through our SAP ERP. That’s where the idea was born.

Brian gave it a lot of thought and came to me and said, when the time is right, let’s do this. By 2018, the need for the product was undeniable. The time was right.

 

Why do you believe so strongly in Applogie?

 

I’ll put it this way – I believe the success of Perceptive came from our ability to drive efficiency for our customer. That efficiency, in turn, allowed customers to repurpose their people and their investments to the most strategic areas of their business. Applogie does the same thing. It’s a solution that allows customers to spend their dollars on the right things, in a controlled fashion.

 

Any dollar that can be saved and optimized in this ever-growing world of cloud and software subscriptions is a dollar that can be spent on more strategic investments. It’s about having control of that expense so you can spend toward what you really want to spend, versus trying to manage the factor of constantly having expenses larger than you believe they’re going to be – or never knowing about the expense until it is too late. Applogie relieves that unknown.

 

Applogie had a very successful 2018. What do you think that success can be attributed to?

 

I believe customers will always tell you what you should build. You just have to be paying attention. Over 20 years at Perceptive, our growth all came from designing for making the customer solution better. Never was it about solely making the business better or adding to the bottom line. Growth was organic from there. The same thing is happening with Applogie. We started with a product that people need and love to use, and we pay attention to what our customers are telling us.

 

Most recently, it seems, customers told you that cloud security was a strategic concern for them. How did Applogie respond?  

 

The most positive thing about software that runs in the cloud is that people can sign up quickly and people can start using it quickly. But on the flip side that’s also the most challenging thing. For any company – and enterprise companies in particular – you quickly end up with many systems you can’t control.

 

So when it comes to security, if you can’t control the system or don’t know about those systems, you’re at risk.

 

The thing is, there’s a lot that a person at any company needs to know to perform their job. Meaning, they have to be an active user in a lot of systems. They log into a lot of systems.  As a result, they tend to use the same passwords and user IDs across these systems. It’s human nature. This proliferation creates the biggest exposure risk. Brian had the idea to incorporate a way to manage this problem into the Applogie platform.

 

Applogie, through programmatic interfaces with a customers enterprise systems, can determine all of the email addresses and/or user IDs and automatically monitor those ID’s for security breaches. If there’s been a major internet breach, Applogie can identify where it happened, and compare compromised accounts with the accounts we manage. Odds are, the passwords for those other accounts are the same. So, we can in real-time, as soon as a major breach happens, tell you what kind of exposure you might have and advice you toward how to manage it. As far as we know, there’s no other product that can do it with the automation and ease like Applogie can.

 

What do you think 2019 and the years beyond have in store for the company?

 

Nothing but continued growth. We’re seeing some competition, but that competition only validates that the market needs what we offer. I’m confident our product is better than the competition’s, and that we can execute on our customer relationships better than they can. It’s fun to be in the start-up business again and exhilarating to be listening so closely to what our customers are telling us we need to build. That’s what drove the success of Perceptive, and it’s what will drive the success of Applogie as well.

 

Uncategorized

New feature: Protect your corporation with data breach discovery

When I first started telling people about Applogie in 2017, I focused mostly on how our SaaS management platform could save their companies thousands of dollars month-to-month and year-to-year. That’s still true. The ability to understand expenses and usage, plan budgets backed by data and negotiate vendor contracts with confidence can mean a huge difference in a corporation’s bottom line.

But recently, I’ve been thinking a lot more about how SaaS management can act as a sentinel, cutting down on a corporation’s risk of a major security breach (which, incidentally, could save millions of dollars – not to mention trust and reputation).

That’s why I’m thrilled to announce we’ve added another new feature to the Applogie platform: data breach discovery on an individual level.

Now, your Applogie admin can input the individual email addresses of all your corporation’s employees and check to see which of the email addresses have been compromised, where and when, in near real-time.

Research shows 60% of all cybersecurity attacks against corporations are committed by insiders including current employees, and 25% of those attacks are probably accidental. So if an employee uses a corporate email address and password to sign up for an account on another website, and that website is then compromised, your systems are in danger too.

When you know that an account has been a victim of a data breach somewhere else online, you can prompt that employee to change his or her corporate password immediately, greatly reducing the chance that your own corporate systems are at risk of a breach as well. You can also use this information to ensure employees are complying with corporate email usage standards, to design cybersecurity training programs, and to keep your employees’ identities safe.

Combined with our SaaS discovery, management and optimization capabilities, this new data breach feature makes Applogie an integral piece of your enterprise security stronghold.

Curious to see where your employees stand?

Begin a free trial of our data breach discovery feature now.

SaaS Management

Comparing Applogie and Zylo

We’re proud of what we do at Applogie. We trust in the company we’re building, and our customers trust us, too. Our technology speaks for itself, so there’s no need for us to disparage our competition – that’s not what this blog post is about. In fact, we believe so strongly in the power of SaaS platform management that we’re thrilled more vendors are starting to offer the service.

But Applogie is still one of the newer kids on the block – we don’t have the name recognition or funding that companies like Zylo do (yet). So we do want to shed light on the ways in which our companies and platforms differ – and the ways in which they’re similar.

From a platform standpoint, you might think you would derive comparable benefit from Applogie, Zylo, and a few others in the SaaS platform management space (but not all – many so-called competitors really only manage IaaS and PaaS, not SaaS, as we discussed here). After all,

  • Both companies are built to discover your SaaS apps, manage your renewals, measure your utilization and track the security of every app in one system of record.
  • Both companies monitor critical SaaS information through integrations with your key business systems and SaaS partners.
  • Both companies can have you tracking your software subscriptions – and getting real value from the resulting information – quickly, easily, and without burden on your IT department.

So where does Applogie pull away from the herd? These are the reasons you should listen to what we have to say:

  1. We offer user risk detection. Zylo does not. Did you know that 60% of ex-employees at large companies still have access to at least some systems? At Applogie, we understand the risk of not removing users when they leave your organization, so we track who’s working with you when, making the off-boarding process simple and secure.
  2. We understand the global enterprise. Just because Applogie seemingly came out of nowhere doesn’t mean our leadership team is green. Our co-founders were executives at global, enterprise tech corporations before this, and have experienced all the growing pains you are. We might even be able to uncover challenges you haven’t noticed yet. You can read more about why we’re passionate about Applogie here.
  3. We know where SaaS costs like to hide. Because we have grown and run a large technology company, we know better than anyone the critical role that credit cards and purchasing cards play in your SaaS costs. So we track those, too.
  4. We know what it takes to scale a business. We didn’t arrive at those aforementioned leadership positions through nepotism, good connections, or sheer luck. We’ve founded companies before this one, and – not to toot our own horns, but – they’ve been wildly successful. We’re confident Applogie will as well, after a short ramp-up period. But for now …
  5. We have contract and pricing flexibility. Applogie is still small enough that our overhead is really low – we’ve built the platform, our people are working for pride and peanuts, and we truly care about the satisfaction of each and every customer – no matter how small. So if you just want to dip a toe into the SaaS management waters, we can allow you to do that.