How to choose the right Security Auditor

How to choose the right Security Auditor

Now that your company has decided to start performing regular IT Security Audits to ensure compliance and enhance cybersecurity, the next step is to find the right Security Auditor. Although it can seem like a stressful and daunting task, it is important to find an Auditor who is a suitable fit for your company. Focusing solely on low price may result in a poorly matched Security Auditor for your team. The right Security Auditor will be able to understand the specificities of your product and the challenges your company’s IT systems may be up against. 

What are some factors to consider when choosing a Security Auditor?

1) Qualifications

Auditors may be qualified to perform different levels of tests. It is first important to determine what compliance certifications your nature of business needs; it is common to see cloud-based service businesses needing SOC 1, SOC 2 and ISO 27001 as well as CCPA as compliance necessities. Do your research beforehand to see which Audit companies are qualified to run the tests you require.

2) Reputation

The key to vetting an Auditor’s reputation is to do thorough customer reference checks. You will want to ask those who have worked with the auditor a few of the following questions:

  • How flexible has this auditor been while working with you?
  • How would you rate them compared to other Security Auditors you have worked with?
  • Did their services and delivery measure up to what they promised?

It is usually well worth the price to partner with a reputable, more expensive Audit company and known brand than an unknown auditor with no references at a lower price.

3) Time Commitment

Your engagement with a Security Auditor could range anywhere from three months to several years as most security accreditation standards require annual renewals. It is relatively uncommon for companies to switch auditors once a match is made. The bulk of the work for an auditor is in the first year, and it reduces over time. It is a good opportunity to also consider long-term pricing arrangements which can either start low with a good deal and increase or lower over time.

4) Tools

What kind of tools and programs will the Security Auditor be using? Are these programs up to-date and in full support of cloud-based services?  If your company uses modern infrastructure and software, your auditor needs to fully understand those. Likewise, it is important that your own IT department understands these tools, and that they are scalable and easy to use.

Choosing the right IT Security Auditor can lead to a long-term beneficial partnership and relationship for your company. While evaluating choices, it is crucial to consider not only the price, but the timeline of the relationship, the Auditor’s reputation and reliability, their qualifications and the programs that they will use to maximize the value of the audits specific to your company’s needs.

 

By: Joanna Ambros, MBA

The Importance of IT Security Audits

The Importance of IT Security Audits

In today’s modern day and age, it is crucial for companies to take their Information Technology systems seriously to avoid the possibility of cyber-attacks and data breaches. A great way for companies to ensure their Security remains up to date and compliant is to perform regular IT Security Audits.

What is an IT Security Audit?

To begin defining an IT Security Audit, we can examine the formal definition of an Audit as provided by the Institute of Internal Auditors: “independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”

An Information Technology Security audit is a  comprehensive review of your company’s entire IT infrastructure. This includes a full review of your IT systems, management, applications, and data uses amongst other processes. The purpose of this audit is to evaluate the overall safety of your network. A good comprehensive audit would suggest improvements and identify any weaknesses in your system, to ensure greatest operating efficiency and cybersecurity.

What are the Benefits of IT Security Audits?

Companies should perform regular IT Security Audits to determine if their infrastructure properly is able to secure the company’s data and assets. There are many benefits to performing these audits regularly:

  • Reducing Expenses – IT Audits can help you uncover which services you no longer need as well as outdated software and help your company save money in the long run.
  • Ensuring Compliance – Regular IT Audits will also ensure that your company’s Information Technology platform and systems are up to date with your country’s standards. This will help avoid any legal disputes and fines down the line.
  • Verify Security Effectiveness – Certified IT auditors will use various tests to verify how effective your current cybersecurity processes are.
  • Improve Communication within the Company – Regular IT audits can enhance the communication between different departments with the Information Technology department.

Types of IT Security Audits

There are four main types of security tests in an IT audit. These include: Vulnerability Tests, Penetration Tests, Risk Assessments as well as Compliance Audits

Vulnerability tests are performed to identify any loopholes or risks in your IT system’s design, to reduce risk. Penetration tests are used to stimulate disruptive conditions and break into your system, such as sending email links with malware. These are great for improving employee security training and testing antivirus software. Next, Risk Assessments are used to identify and eliminate risks associated with using your company’s IT systems. When risks are identified, the next step for companies is to determine what investments should be made to eliminate those risks. Lastly, Compliance Audits ensure that your company’s IT systems adhere to the legal standards in your country or industry.

Regular and successful IT Audits will ensure that your company’s IT systems are well protected against modern threats, and compliant to regulations. The best way to protect your company’s security in today’s technological society is through expert auditors.

 

By: Joanna Ambros, MBA

 

Serial entrepreneur looks to make another impact on MSPs

Serial entrepreneur looks to make another impact on MSPs

By Paolo Del Nibletto

Colin Knox describes his entrepreneurial journey so far in two words: Crazy and stupid. But the founder of two highly successful businesses: XCEL Professional Services and Passportal also acknowledged the creative part of his journey as well.

Knox, after spending a little over a year at SolarWinds MSP which acquired Passportal, is at it again with a new company called Gradient MSP. This time, Knox will be using his talents to help the MSP and vendor communities better understand themselves. The goal is to lead both communities into building profitable monthly recurring revenue streams.

The spark for Gradient MSP came while he was reading Start with Why: How Great Leaders Inspire Everyone to Take Action by Simon Sinek. “This book spoke to me,” he added. While reading the book, Knox began to envision how he could solve more MSP industry problems by helping the community compete on a level-playing field. Knox also realized the industry is a two-way street and will have Gradient MSP work with vendors as well to “level them up” to better understand MSPs.

Currently, Gradient MSP is working on its offering; planned for launch sometime in this year.

During the Jolera Interview Series, Knox talked about how he started as an entrepreneur by catching insects as a kid and putting them into his own “Bug Zoo”. As crazy as this sounds, neighborhood kids paid Knox to see his collection. And, from there it sparked a lifelong passion to create things that others can enjoy.

“I thought it was cool. People paid me to see my bugs. It comes down to creating something that others can enjoy and make their lives easier. I think the most rewarding thing for me is when I hear stories about how things I have created that has impacted others. This is what drives me to keep going and try new things,” he said.

Knox’ biggest claim to fame is Passportal, a password security and documentation management solution that he sold to SolarWinds MSP in 2019.

“We created Passportal at a time when many MSPs were embarking on trying to find a solution. We’d gone out and looked high and low and found a ton of enterprise or consumer grade products, but none that were suited for the mid-tier,” he said.

After posting several queries on platforms such as LinkedIn, to find out what others were using to solve and manage passwords without any luck, Knox decided to build it on his own. Passportal came at a time when several MSPs had no answer for challenging issues such as compliance audits or even simple matters as a password change when an employee leaves the organization.

Then those LinkedIn queries turned into several replies for other interested parties wanting to know if Knox and XCEL found anything. Knox saw opportunity and created Passportal in 2011. And, with zero marketing effort got more than 300 MSPs to use it almost instantly. At the time of the SolarWinds MSP acquisition more than 2,000 MSPs were using Passportal worldwide.

Knox credits entrepreneurs such as Robert Herjavec of Dragon’s Den fame and Apple co-founder Steve Jobs for his inspiration as an entrepreneur. Knox said without having read Herjavec’s book Driven: How to Succeed in Business and In Life he would never have started XCEL. “Herjavec’s story showed me that I could build an IT business in Canada.”

As for Jobs, several of his career case studies gave Knox the confidence to know that a small, gritty team can be world class and create solutions that can be used by the masses.

Also, during the Jolera Interview Series, Knox described what his experience was like starting Gradient MSP during a worldwide pandemic as well as what entrepreneurs can learn from failure.

 

Partnering with a Managed Service Provider: What to Consider?

Partnering with a Managed Service Provider: What to Consider?

For many small or medium sized businesses, as well as emerging start-ups that do not have the capacity to manage their own Information Technology Infrastructure, a Managed Service Provider is a great solution. An MSP (Managed Service Provider) is a third-party company that remotely manages a company’s IT infrastructures and performs day-to-day management services. With so many MSPs globally available today, it is important for a business to first consider some critical questions before choosing the right MSP to partner with.

1. At what point should your services be managed by an MSP rather than in-house?

The first step is to determine what services are actually worth managing by a third-party. If a company has less than ten computer users, it may actually be more cost-effective to do all services in-house. However, if a company is scaling and has over two hundred end users and is still in the process of growing, most services should be managed by an MSP to enhance productivity and cost-effectiveness for the business.

2. What competitive advantage does the MSP offer?

What differentiates the Managed Service Provider that you are considering? Is it their extremely well reviewed customer service and 24-hour support, or the low cost? Or is the MSP more costly but more committed to the latest technological upgrades and constant improvement? Companies should determine what is most important to them at their stage of growth and choose an MSP according to that specific competitive advantage.

3. Does the MSP offer after-hours or onsite support in the case of an emergency?

Depending on where your company is located globally, natural disasters could be a serious risk for your IT infrastructure. Your company could also be a victim of a data breach. No matter what the worst-case scenario is for your business, it is a huge bonus for the Managed Service Provider to offer immediate and onsite support at all times in case of any emergencies. If your company is in an area more at risk of a natural disaster, it is important to determine which providers include on-site support as some only offer remote guidance.

4. Does the MSP offer an all-inclusive support plan?

An All-Inclusive support plan works out to the benefit of both parties; the MSP and the company using their services. A flat-fee arrangement motivates the MSP to perform quickly, whereas an hourly billing service may not be ideal for a starting company strapped for cash.
Make sure you are fully aware of what is included in the all-inclusive service plan. Some examples of services to look for include:

Choosing a Managed Service Provider is an exciting step to take, but one not to take lightly. The right provider can tremendously help your business improve technological efficiency. It is important for any company no matter how small or big to do proper research and consider the above essentials to make an informed decision.

By: Joanna Ambros, MBA

How Companies should React when a Ransomware Attack Occurs

How Companies should React when a Ransomware Attack Occurs

Imagine the following worst-case scenario: your company has taken the right steps to protect its employees, customers and data from cyber-attacks, and yet a ransomware attack still occurred. Now what? It happens; no company is fully safe from today’s rising cases of cyber-attacks and data breaches. Even with the most secure platforms, hackers may find discerning ways to infiltrate the system. How a company reacts in the first few hours and days following a cyber-attack is crucial.

First Step: Recognizing the signs of a data breach

Employees must be educated and empowered to immediately inform their IT department if they suspect a ransomware attack has occurred. Employees may feel guilty and embarrassed if they believe they are at fault of letting a data breach happen. However, if the threat is not addressed immediately, the consequences could be more severe. The best way to damage control is to respond to a security threat immediately. Signs of a data breach include but are not limited to:

  •         Locked accounts or changed user credentials

  •         Missing funds or assets

  •         New suspicious or unknown files

  •         Reduced Internet speed.

Next: Determine and isolate the systems impacted.

Early on, only a few computers may be affected in the attack. In this case, it is crucial to disconnect the affected hardware from the system. The network should then be taken entirely offline. If the network cannot be taken offline, all devices should be powered down. It is important to however note that in that case you may lose some evidence of the attack which would be beneficial for the authorities. Best course of action is therefore to take the entire network offline at the switch level. Once damage control is done, the company may begin restoring critically important systems based on priority level.

Final Steps: Engage the right stakeholders

Depending on where your company is located, you may want to contact the FBI or the police once the first step is complete and the affected systems are isolated. It is important for your IT department to identify what information the hackers may have infiltrated for the authorities to try to salvage the situation accordingly. If the hackers ask for a ransom, do not attempt paying them right away but rather let the professionals handle it. Majority of the time, even if a ransom is paid, data has already been stolen or compromised. The next relevant stakeholders to contact would include managed security service providers, your cyber insurance company, and the board of directors and other developmental leaders.

Lastly, your company will need to find a proper way to disclose its data breach to either the public or simply just the affected customers; this will depend on the impact of the attack and how many potential customers’ data was affected. Your communication department can handle this appropriately. Customers whose data has been compromised need to be informed right away. Although loss of trust from customers is a serious consequence of ransomware attacks, if handled appropriately, it is possible for a business to rebuild itself and regain trust from the public.

 

By: Joanna Ambros, MBA

3 Ways Companies can Protect against the Rise of Cyber Attacks

3 Ways Companies can Protect against the Rise of Cyber Attacks

As news reports have indicated over the past year, data breaches and ransomware attacks have been on the rise amidst the global pandemic. A 300% increase in cybercrime can be attributed to the rise of online activity since the start of the Novel Covid-19 Virus as of early 2020. After a major cyberware attack on a U.S. pipeline occurred earlier this year, Chief Shelly Bruce, head of Canada’s Electronic Spy Agency, announced that businesses should take extra steps to protect themselves as well.

Data however suggests that Canadian companies are simply not spending enough on cybersecurity.  Statistics Canada reported that Canadian businesses spent less than one percent of their total revenues on security measures and software. Around 20% of large Canadian businesses did not report any expenditure on Cybersecurity in 2019. Security measures simply do not appear to be the top priority for many large businesses and ironically, those are the businesses most at risk. Below are the ways that Canadians can begin protecting themselves against the rise of cybercrime.

1. Invest in a well-rounded cybersecurity infrastructure

Companies need to protect their systems from threats at all angles. A well-rounded system, such as Secure IT, offers a wide variety of services targeting security threats. The platform’s Security Information and Event Management analyzes multiple data streams from all of the company’s devices to detect potential threats. It includes cloud, software and hardware technology, a strong firewall, fully secured WiFi, advanced security analytics and correlation as well as live agent support at all hours.

2. Place a focus on cybersecurity training and awareness

Investing in a well-rounded IT cybersecurity software is only the first step. Companies need to establish a culture of security awareness in their workplace and place an emphasis on its importance. Some ways to do so would be discouraging password sharing, restricting network admin rights, and hosting monthly or weekly discussions on security. Businesses should educate workers on creating strong passwords, restrict certain websites and implement ways to test employees. Proactive monitoring must also be in place, to detect compromised and stolen employee data and credentials.

3. Invest in cybersecurity insurance

Even businesses with highly secured firewalls are still at risk of a data breach, as hackers are finding more and more ways to infiltrate companies’ systems. Losses from such data breaches can tremendously impact a company’s bottom line. Companies should therefore invest in a comprehensive cybersecurity insurance to mitigate the financial impact if a cyber-attack does occur.

The world is not as it used to be; in our new digital age hackers are becoming more persistent than ever before. And since companies are collecting more data than ever, a cyber-attack is bound to cause very serious consequences. These consequences not only include huge financial losses but more importantly a loss of trust from customers, and the public.

No companies are truly safe, and the only way to fight against the rise of cyber-attacks is through a multi-layered security system, a strong workplace culture and protection in the form of insurance if all else fails.

 

By: Joanna Ambros, MBA

The Rise of Cyber-Attacks in 2021

The Rise of Cyber-Attacks in 2021

Ransomware attacks have been increasing globally over the years, and  thousands of companies around the world have been affected as a result. Ransomware attacks, also known as  Cyber-attacks, occur when a company’s online systems are hacked, taken over and locked unless a large ransom is paid.

Since the global pandemic has struck early last year, the FBI reported a 300% increase in cybercrime. This rise can be attributed to hackers taking advantage of increased online activity of knowledge employees while they are working from home. This current scenario represents a great opportunity for hackers. Remote workers have in fact accounted for a security breach in 20% of organizations. Phishing scams on the rise amongst the pandemic have included links asking for donations, as well as emails from professional-looking addresses luring individuals to open attachments which then implant malicious programs on the victim’s computer. Ransomware can also start through “drive-by” downloading, which happens when a user visits an infected website, and malware is downloaded into the user’s drive unknowingly.

The world’s largest ransomware attack to date has just recently occurred, and Canada was lucky to avoid any big hits. This month, Kaseya, a Florida-based Information Technology company, was hit with a ransomware attack that affected companies in 17 different countries, including the U.K., Sweden and Mexico. The company was hacked by a Russian-based gang who call themselves “REvil”, who somehow maneuvered their way into the IT company’s seemingly secure system. Experts said that this has been the most sophisticated cyber-attack the world has seen.

Kaseya’s customers include hundreds of businesses internationally that are too small to have their own IT department, hence they outsource their security systems from the technology provider. The impact of this unfortunate ransomware attack was felt globally. In Sweden, at least 800 Supermarkets that used Kaseya had to close their cash registers for three days. In New Zealand, many schools had to remain offline while their security systems was looked into.


Why should Canadian companies care?

Thankfully, no Canadian companies have been yet said to be affected by Kaseya’s attack.

However, the impact that may be felt on Canada’s economy isn’t fully known yet. V. Gupta, BDO partner and cybersecurity expert expressed concerns that “Kaseya provides a critical piece of infrastructure that a lot of organizations leverage, especially in Canada,” he said. “The number [affected] could certainly grow … the impact is still not fully known” The consequences of this attack could lead to large losses for the Canadian economy, specifically for small and medium-sized businesses who outsourced their IT software from Kaseya.

This is not going to be the last ransomware attack that affects the world globally. Companies now more than ever have the responsibility of taking extra precautionary measures when choosing to outsource any software. The Canadian government may start implementing regulations for any companies outsourcing such software to remain in full compliance and safety. In the meantime, Canadian companies need to take extra steps to educate employees on how to avoid these phishing scams.

 

by  Joanna Ambros, MBA

The Post-Pandemic Future of the Hybrid Workspace

The Post-Pandemic Future of the Hybrid Workspace

What it could mean for Canadian companies?

It has been over a year now since a large number of Canadian knowledge workers – workers whose jobs involve handling or using information – started working from home. For some of us, it has been a dream come true – we have been able to wake up a little later, save an hour or more per day commuting to the office, and spend more time with family. Others however, miss the daily banter with their colleagues and the sense of a normal routine.

Overall, a lot of Canadian teleworkers workers seem to prefer a hybrid workspace, meaning the ability to work from home some days, and go into the office on others. Based on Stats Canada, eighty percent of current teleworkers indicated that they would like to work at least half of their hours from home once the pandemic is over.

Canadian companies are embracing the future of the hybrid working schedule and giving employees a choice in whether they have to return to the office. Deloitte Canada has already announced that they will give their staff total flexibility over where they want to work post-pandemic, and many companies are following suit. What will the hybrid workplace mean for Canadian companies?

The ability to source more diverse talent

Companies that give employees the flexibility from working from anywhere they’d like – office or home – will have the benefit of being able to recruit and hire the right talent from different cities or provinces in Canada, or diversify even further by recruiting globally. The benefits of expanding your talent pool outside of your city can include cost savings, hiring faster and diversification.

Less office space

Many companies will find that they will be able to fit their staff in half of the space they once used. Companies may start to lease out their office space, which will provide them with more capital to inject into other projects.

These companies may move away from traditional assigned offices and workspaces and focus on collaboration rooms where employees can come and go when they need to work from the office. Telus has announced that they will be incorporating a mix of coworking spaces, collaboration rooms and wellness stations as they give employees freedom to choose where they can work from.

A focus on Cybersecurity

Companies will need to focus on privacy and cybersecurity now more than ever. With the majority of employees working remotely, legal and private documents that normally would have been handled in person are being scanned and signed virtually. With the rise of DocuSign and similar software, paper copies have become a thing of the past in many organizations.

With a permanent shift towards remote work there exists a concern for how data is being accessed and stored. Companies may need to invest more in Cybersecurity infrastructure to ensure they remain privacy compliant for their clients, protect their employees and prevent data leaks.

The pandemic shifted our perception of what an office job should look that. One thing is certain; and it’s that remote work is here to stay for the majority of Canadian companies. Companies need to adapt and remain flexible to remain competitive and viable as they navigate through the new normal.

 

By: Joanna Ambros, MBA

5 Reasons For Modernizing Data Protection Starting Today

5 Reasons For Modernizing Data Protection Starting Today

By Paolo Del Nibletto 

Most channel partners are happy to put the 2020 year in the rearview mirror and concentrate on new money-making, customer-satisfying strategies for a post-pandemic world. As this group starts to claw their way back to what business was like before the pandemic, the impact of COVID-19 and the subsequent lockdowns are still bringing serious challenges to channel partners in North America especially when it comes to data protection.

If there is one thing business has learned from the COVID-19 pandemic and the many stay-at-home orders from governments is that it has put a major strain on business continuity. It has also made the IT department reach new levels of anxiety as so many of its workers are now remote.

As the business world settled into this new mix of remote and workplace operations in 2020 and 2021, they began to put serious thought to modernizing its data protection plans. There are five main reasons for this, according to Veeam 2021 Data Protection Report, are: 

  • Economic uncertainty. 

  • The acceleration of cloud. 

  • Modernization of IT environments. 

  • Loss of data/failed backups; and 

  • Rampant ransomware. 

These five factors have led to many channel partners seeking new ways to modernize data protection in a post-pandemic world. 

Dave Russell, vice president of Enterprise Strategy at Veeam, (the co-author of the report along with Jason Buffington, Veeam’s vice-president, Solutions & Product Strategy) pinpointed ransomware along with overall cybersecurity as top priorities for CIOs in a post-pandemic world. 

“CIOs are looking for features and solutions that can overcome ransomware. At the end of the day, we are not a security company, we have hired a CSO, but it is fair to say the everyone in the data centre and everyone in the company has a role to play in security, but if you think about the greatest security vulnerability it is with the employees and fishing attacks,” Russell said. 

A modern data protection approach, Russell suggests, must have best practices around digital hygiene. 

Digital hygiene, Russell adds, is not specific to Veeam but can include items such as creating different passwords and separation of key resources and data on different networks so not everything can be compromised or access at the same place.  

“Cybersecurity would still be a concern even without the pandemic. IT is still scared about cybersecurity because they do not know what the threats look like and how they evolve and change. In a post-pandemic world cybersecurity jumps to the top,” he said. 

BONUS REASON 

If there is another reason beyond the five mentioned for developing a modern data protection strategy in a post-pandemic world, Russell believes it is digital transformation. COVID-19 has had a dramatic impact on digital transformation. According to the Veeam 2021 Data Protection Report, there was a massive increase in digital transformation speed in 2020, with 54 percent of organizations accelerating their digital transformation plans. Meanwhile, organizations already into their digital transformation journey ramped up their investments in this area. For example, 91 percent of organizations in the first few months of the pandemic increased cloud services usage in support of the many remote workers that were now in their midst. 

Russell commented about an intersection of digital transformation that occurred in 2020, where some put their heads in the sand and took a pause because of COVID-19, while others saw it as perfect timing to “double down” on digital transformation.  

Modern data protection does have a major role to play in digital transformation as it improves the overall data connection, accuracy, capture and protection. “And it surfaces up data to the cloud for sharing. We know that digital transformation will be backed on data and so it has to be protected.” 

DRIVING THE RIGHT OUTCOMES 

The ultimate outcome for business is to ensure peace of mind. Russell speaks to building confidence in an organization to deliver data at any time, any place and on any device. Currently, the spend on backup and data recovery versus cloud and SaaS solutions has a seven times gap. But the heightened state of ransomware in the wild has now made modern data protection a board-level discussion. From Russell’s experience, approximately five percent of data has been recovered. “The situation could become worse,” he said, “if they never had to recover their systems.” The issue stems from the IT team knowing there is a problem, but the business side not being up-to-speed. “There’s an old joke. What is your DR plan? It’s an updated resume,” Russell added. 

HOW DO YOU GET THERE? 

Russell envisions organizations making high probability type bets, as stated earlier in this article, ultimately prioritizing defending against ransomware. “That’s the big disaster other than a hurricane.” 

One area is data protection-as-a-service or DPaaS for managed services providers in the channel community. Another is Disaster-Recovery-as-a-Service or DRaaS. Both offer the ability to reduce IT costs while providing always updated solutions and peace of mind knowing that disasters can be averted.  

A best practices approach can certainly work in this area especially for enterprise backup for physical and virtual servers. One thing to look for is a solution that is purpose-built with an onsite backup appliance and secure replication to the cloud. By implementing this type of as-a-service solution organizations will get the benefit of leading-edge technology, data deduplication, encryption, cloud storage and multiple retention capabilities. 

Emerging European As-a-Service Market Growing Rapidly

Emerging European As-a-Service Market Growing Rapidly

By Paolo Del Nibletto 

The worldwide COVID-19 pandemic has put more focus on digital transformation and the as-a-service market not just in North America, but also in Europe.

The Jolera Interview Series talked to one of the top leaders at Veeam Software in Europe, Africa, and the Middle East (EMEA) in Riccardo Sbarboro, the head of professional services for Veeam in EMEA about the state of the as-a-service market in Europe and surrounding areas. Sbarboro, who has been in the IT sector for more than two decades, said the market in Europe for as-a-service has become a real revolution since the COVID-19 crisis. Sbarboro, who is based in Milan, Italy, only knows too well what COVID-19 and the subsequent lockdown did for the Italian region.

According to Rabo Research, Italy’s gross domestic production volume shrank by about 17 percent and it is believed that the economy will not fully recover until the year 2025. This on top of the more than 100,000 deaths because of COVID-19.

But those companies that took to the cloud immediately and provided remote working solutions or were well on their digital transformation journeys more than weathered the storm in Italy.

“In these days, all the companies have IT at their core now. And they are speeding up their innovation plans, while still limiting upfront costs. The anything-as-a-service business model, for many partners, are showing benefits,” he said.

One of the many challenges Sbarboro and his team at Veeam faces covering Europe, Middle East and Africa is that this region is the greatest melting pot of languages and culture in the world.

“In EMEA there are many groups with diverse cultures and differences,” he added.

At Veeam, the organization realized from the start that the COVID-19 pandemic was going to be a tough period for all involved and they put their focus on health and social interactions with staff, partners, and customers.

“I was lucky to be at Veeam during this time because we made it easy to grow in the difficult months. Veeam was fair and supportive and did not make it all about business,” he said.

One of Sbarboro’s many duties is running the channel partners at Veeam for the EMEA region, and this has provided him with great perspective on how COVID-19 has impacted the channel in many countries. Those partners that aligned with Veeam have experienced some of their best quarters in their history, even during the pandemic and lockdowns.

“Those that invested in digital transformation and Veeam benefitted because our offerings are 100 per cent aligned to that. We are aware of this particular situation and the impact is real, but those who reacted sooner and stayed on the right side of innovation were safe,” Sbarboro said.

For Sbarboro it is too early to talk about lessons learned from COVID-19. He says in an emergency you try to survive and minimize the impact and then look back on anything you may have learned later on.

“We are not there yet, but one of the things I’m sure about is those companies that were ready with as-a-service and digital transformation activities better sustained their business and the communities around them than those that did not.”

One of the strategies Veeam adopted was to enrich its portfolio of solutions by strengthening partnerships with leading providers in the as-a-service market. The partnership with Jolera has enabled Veeam in Europe, Middle East and Africa to continue to support its position as a 100 percent channel-driven organization while enhancing the technical skills to deliver value-added and reliable professional services for Veeam product portfolio implementations.

Jolera was one of a select few that were chosen by Veeam to be part of its Accredited Service Partner program also known as VASP.

“VASP is the special forces for projects about data management. We had several hundred applications, but just 50 were selected and Jolera is one of them. Jolera was since the beginning of this process one of the most promising partners we had, and the deeper the analysis the more the capabilities and the technical knowledge was evident. We are very happy to have found such a partner and we are looking forward to develop further this relation,” Sbarboro added.

Also, during the Jolera Interview Series, Sbarboro spoke about his passion for mentoring and coaching and about a unique endeavour called the Gentleman’s Ride in Bergamo.